tech-kern archive


Re: more fexecve questions



> On Sep 10, 2019, at 8:31 PM, Kamil Rytarowski <n54%gmx.com@localhost> wrote:
> 
> I don't know. I was looking for a corner case when we would skip this
> cache of O_EXEC on fexecve().
> 
> POSIX states:
> 
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
> 
> 'Since execute permission is checked by fexecve(), the file description
> fd need not have been opened with the O_EXEC flag. '

Right, I understand that O_EXEC is there for binaries that are "-r-x--x--x" and you're just some random "other" user that wants to exec the file.  Obviously you have to be able to open it to get a descriptor, so O_EXEC is there for this case ... such a descriptor grants neither read nor write, but it allows you to get a descriptor, and a descriptor + "x"-permission-for-you on the file is all you need to fexecve() (just as if you were using regular execve()).

> but it is unclear to me later:
> 
> 'However, if the file to be executed denies read and write permission
> for the process preparing to do the exec, the only way to provide the fd
> to fexecve() will be to use the O_EXEC flag when opening fd. In this
> case, the application will not be able to perform a checksum test since
> it will not be able to read the contents of the file.'

"the application" ... of course nothing precludes the kernel (or its delegate) from performing a code signing check in this case.

-- thorpej
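
The case discussed in this thread, as an added example that is not part of either message: a descriptor opened exec-only can be handed to fexecve(), while read() on the same descriptor is refused, which is why the application cannot checksum the file. Assumptions: the helper names are hypothetical, /bin/sh is only a convenient target, and on Linux, which has no O_EXEC, O_PATH stands in for it.

```c
#define _GNU_SOURCE            /* glibc hides O_PATH otherwise */
#include <errno.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: Linux has no O_EXEC, so its O_PATH is used as a stand-in. */
#ifndef O_EXEC
# ifdef O_PATH
#  define O_EXEC O_PATH
# else
#  define O_EXEC 010000000     /* O_PATH on x86/arm Linux if headers hide it */
# endif
#endif

extern char **environ;

/* Returns 1 if read() on an exec-only descriptor is refused with EBADF,
 * 0 if the read was allowed, -1 if the file could not be opened. */
int exec_fd_denies_read(const char *path)
{
    char byte;
    int fd = open(path, O_EXEC | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int refused = (read(fd, &byte, 1) < 0 && errno == EBADF);
    close(fd);
    return refused;
}

/* Runs path via fexecve() on an exec-only descriptor in a child process.
 * Returns the child's exit status, or -1 on failure. */
int run_via_exec_fd(const char *path, char *const argv[])
{
    int status;
    int fd = open(path, O_EXEC | O_CLOEXEC);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        fexecve(fd, argv, environ);   /* execute permission is checked here */
        _exit(127);                   /* only reached if the exec failed */
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```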


