From: Laurent Vivier <laurent@vivier.eu>
To: qemu-devel@nongnu.org
Cc: Laurent Vivier <laurent@vivier.eu>
Subject: [PATCH v2 2/2] linux-user: don't use AT_EXECFD in do_openat()
Date: Tue, 27 Sep 2022 14:43:57 +0200
Message-ID: <20220927124357.688536-3-laurent@vivier.eu>
In-Reply-To: <20220927124357.688536-1-laurent@vivier.eu>

AT_EXECFD gives access to the binary file even if
it is not readable (only executable).

Moreover it can be opened with flags and mode that are not the ones
provided by do_openat() caller.

And it is not available because loader_exec() has closed it.

To avoid that, use only safe_openat() with the exec_path.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ddf09d7eb61a..0c80e9d68e28 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8263,8 +8263,7 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
};
if (is_proc_myself(pathname, "exe")) {
- int execfd = qemu_getauxval(AT_EXECFD);
- return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
+ return safe_openat(dirfd, exec_path, flags, mode);
}
for (fake_open = fakes; fake_open->filename; fake_open++) {
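Review bot: the is_proc_myself(pathname, "exe") branch now has no comment saying why the AT_EXECFD descriptor is deliberately not returned, so the shortcut could easily be reintroduced later; a short comment above the safe_openat() call, giving the reasons from the commit message (permission bypass on execute-only binaries, caller's flags and mode ignored, descriptor already closed by loader_exec()), would help. Two things are also worth confirming on the new line: reopening by exec_path returns whatever file is at that path at call time, which can differ from the image that was executed if the file was renamed or replaced, and the caller's dirfd is still passed alongside exec_path, which is only harmless if exec_path is always absolute.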
--
2.37.3