tech-kern archive


Re: more fexecve questions



On Tue, Sep 10, 2019 at 07:31:47PM +0200, Kamil Rytarowski wrote:
> On 10.09.2019 18:21, David Holland wrote:

> >  > O_EXEC should be tunable in runtime, with:
> >  > fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_EXEC);
> > Why? You can't do that with O_WRITE.
> I don't know. I was looking for a corner case when we would skip this
> cache of O_EXEC on fexecve().
> POSIX states:
> https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
> 
> 'Since execute permission is checked by fexecve(), the file description
> fd need not have been opened with the O_EXEC flag. '
> 'However, if the file to be executed denies read and write permission
> for the process preparing to do the exec, the only way to provide the fd
> to fexecve() will be to use the O_EXEC flag when opening fd. In this
> case, the application will not be able to perform a checksum test since
> it will not be able to read the contents of the file.'

This is to catch the following case(s): The file might have the
following permissions "--x--x--x" (or equivalent where the open()ing
process doesn't have read or write permission).  Since you can open such
a file for reading or writing (except as root) you need an additional
flag to open() to obtain a file descriptor that can be passed to
fexecve().  That's what O_EXEC is for.  Whether the receiving process
can successfully fexecve(2) such a file descriptor is another matter.
That's what the "execute permission is checked by fexecve()" specifies.

--chris
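
The case discussed in this message, as an added example that is not part of the original mail or of NetBSD's sources: a binary with mode `--x--x--x` cannot be opened `O_RDONLY` by a non-root process, but a descriptor obtained with `O_EXEC` can be passed to fexecve(), which does the execute-permission check itself. Assumptions: the helper names are hypothetical, `/bin/sh` is copied to a constructed file under `/tmp` as the sample binary, and on systems without `O_EXEC` (Linux/glibc) `O_PATH` is used as the nearest stand-in.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef O_EXEC          /* assumption: platform lacks O_EXEC, O_PATH stands in */
#define O_EXEC O_PATH
#endif
extern char **environ;

/* Copy src into a fresh temp file and leave it --x--x--x; 0 on success, -1 on error. */
int make_exec_only(const char *src, char *tmpl)
{
    char buf[65536];
    ssize_t n = -1;
    int in = open(src, O_RDONLY), out = mkstemp(tmpl);
    while (in != -1 && out != -1 && (n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    int rc = (n == 0) ? fchmod(out, 0111) : -1;
    close(in); close(out);
    return rc;
}

/* open() wrapper: returns the descriptor, or -errno on failure. */
int try_open(const char *path, int flags)
{
    int fd = open(path, flags);
    return fd == -1 ? -errno : fd;
}

/* fexecve() the descriptor in a child; returns its exit status (126 if exec failed). */
int run_fd(int fd, char *const argv[])
{
    int st;
    pid_t pid = fork();
    if (pid == 0) { fexecve(fd, argv, environ); _exit(126); }
    if (pid == -1 || waitpid(pid, &st, 0) == -1) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    char path[] = "/tmp/exec-only-XXXXXX", *argv[] = { "sh", "-c", "exit 7", NULL };
    if (make_exec_only("/bin/sh", path) == -1) return 1;
    printf("O_RDONLY: %d (-EACCES unless root)\n", try_open(path, O_RDONLY));
    printf("O_EXEC + fexecve: exit %d\n", run_fd(try_open(path, O_EXEC), argv));
    return unlink(path);
}
```

If `/tmp` is mounted noexec, the fexecve() step reports 126 even though the `O_EXEC` open succeeded, because the permission check happens at exec time.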

