From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christoph Hellwig Subject: Re: [musl] Re: [RFC] Possible new execveat(2) Linux syscall Date: Fri, 21 Nov 2014 02:10:15 -0800 Message-ID: <20141121101015.GF8866@infradead.org> References: <20141116195246.GX22465@brightrain.aerifal.cx> <20141116220859.GY22465@brightrain.aerifal.cx> <20141116233202.GA22465@brightrain.aerifal.cx> <20141117183010.GE22465@brightrain.aerifal.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Content-Disposition: inline In-Reply-To: <20141117183010.GE22465@brightrain.aerifal.cx> To: Rich Felker Cc: David Drysdale , Andy Lutomirski , libc-alpha , musl@lists.openwall.com, Andrew Morton , Linux API , Christoph Hellwig List-Id: linux-api@vger.kernel.org On Mon, Nov 17, 2014 at 01:30:10PM -0500, Rich Felker wrote: > On Mon, Nov 17, 2014 at 03:42:15PM +0000, David Drysdale wrote: > > I'm not familiar with O_EXEC either, I'm afraid, so to be clear -- does > > O_EXEC mean the permission check is explicitly skipped later, at execute > > time? In other words, if you open(O_EXEC) an executable then remove the > > execute bit from the file, does a subsequent fexecve() still work? > > Yes. It's just like how read and write permissions work. If you open a > file for read then remove read permissions, or open it for write then > remove write permissions, the existing permissions to the open file > are not lost. Of course open with O_EXEC/O_SEARCH needs to fail if the > caller does not have +x access to the file/directory at the time of > open. Adding a FMODE_EXEC similar to FMODE_READ/WRITE would be trivial.