On 10.09.2019 18:21, David Holland wrote: > On Tue, Sep 10, 2019 at 06:11:55PM +0200, Kamil Rytarowski wrote: > > O_EXEC should be tunable in runtime, with: > > > > fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_EXEC); > > Why? You can't do that with O_WRITE. > I don't know. I was looking for a corner case when we would skip this cache of O_EXEC on fexecve(). POSIX states: https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html 'Since execute permission is checked by fexecve(), the file description fd need not have been opened with the O_EXEC flag. ' but it is unclear to me later: 'However, if the file to be executed denies read and write permission for the process preparing to do the exec, the only way to provide the fd to fexecve() will be to use the O_EXEC flag when opening fd. In this case, the application will not be able to perform a checksum test since it will not be able to read the contents of the file.'
Attachment:
signature.asc
Description: OpenPGP digital signature