From nobody Wed Nov 03 16:02:48 2021
Date: Wed, 3 Nov 2021 16:02:48 GMT
Message-Id: <202111031602.1A3G2mu7082442@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov Subject: git: be10c0a91015 - main - fexecve(2): allow O_PATH file descriptors opened without O_EXEC List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: be10c0a910155709dc4e521db3349d50e0440018 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=be10c0a910155709dc4e521db3349d50e0440018 commit be10c0a910155709dc4e521db3349d50e0440018 Author: Konstantin Belousov AuthorDate: 2021-11-03 12:51:06 +0000 Commit: Konstantin Belousov CommitDate: 2021-11-03 16:00:42 +0000 fexecve(2): allow O_PATH file descriptors opened without O_EXEC This improves compatibility with Linux. Noted by: Drew DeVault Reviewed by: markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D32821 --- lib/libc/sys/open.2 | 3 --- sys/kern/kern_descrip.c | 5 +++-- sys/kern/kern_exec.c | 13 ++++++++++--- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2 index da42c238a151..f6b061079ddf 100644 --- a/lib/libc/sys/open.2 +++ b/lib/libc/sys/open.2 @@ -334,9 +334,6 @@ but advisory locking is not allowed .It Xr close 2 .It Xr fstat 2 .It Xr fexecve 2 -requires that -.Dv O_EXEC -was also specified at open time .It Dv SCM_RIGHTS can be passed over a .Xr unix 4 diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index a7e3785bc672..37d978e96de5 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c 
@@ -3213,8 +3213,9 @@ _fget(struct thread *td, int fd, struct file **fpp, int flags, error = EBADF; break; case FEXEC: - if ((fp->f_flag & (FREAD | FEXEC)) == 0 || - ((fp->f_flag & FWRITE) != 0)) + if (fp->f_ops != &path_fileops && + ((fp->f_flag & (FREAD | FEXEC)) == 0 || + (fp->f_flag & FWRITE) != 0)) error = EBADF; break; case 0: diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index c5b450b04240..575771346fd1 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -530,13 +530,20 @@ interpret: } } else { AUDIT_ARG_FD(args->fd); + /* - * Descriptors opened only with O_EXEC or O_RDONLY are allowed. + * If the descriptors was not opened with O_PATH, then + * we require that it was opened with O_EXEC or + * O_RDONLY. In either case, exec_check_permissions() + * below checks _current_ file access mode regardless + * of the permissions additionally checked at the + * open(2). */ error = fgetvp_exec(td, args->fd, &cap_fexecve_rights, &newtextvp); - if (error) + if (error != 0) goto exec_fail; + if (vn_fullpath(newtextvp, &imgp->execpath, &imgp->freepath) != 0) imgp->execpath = args->fname; @@ -881,7 +888,7 @@ interpret: /* * Store the vp for use in kern.proc.pathname. This vnode was - * referenced by namei() or fgetvp_exec(). + * referenced by namei() or by fexecve variant of fname handling. */ oldtextvp = p->p_textvp; p->p_textvp = newtextvp;
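Review bot: in lib/libc/sys/open.2, the hunk at line 334 removes the three lines under ".It Xr fexecve 2" and is the only hunk in the file, so the page's .Dd date is not bumped for this content change; please update it in the same commit. The diffstat lists open.2 as the only manual page touched, so it is also worth checking whether fexecve.2 describes the O_EXEC requirement for O_PATH descriptors and needs a matching edit.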
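Review bot: in the FEXEC case of _fget() in sys/kern/kern_descrip.c, the new "fp->f_ops != &path_fileops &&" guard skips both the (FREAD | FEXEC) test and the FWRITE test for path descriptors, and nothing at this site says why that is safe. The justification appears only in the kern_exec.c comment (exec_check_permissions() checks the current file access mode), so a short comment on this case pointing there would keep a later reader from treating the bypass as an oversight. With this change the exec-time check is the only gate for such descriptors, and the diffstat shows no test file; a regression test that fexecve() on an O_PATH descriptor for a file without execute permission still fails would make that dependency explicit.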
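Review bot: the rewritten comment above the fgetvp_exec() call in sys/kern/kern_exec.c (hunk at line 530) has a grammar slip: "If the descriptors was not opened with O_PATH" should read "If the descriptor was not opened with O_PATH", and "the permissions additionally checked at the open(2)" would read better as "the permissions checked at open(2) time". The comment also describes a rule ("we require that it was opened with O_EXEC or O_RDONLY") that is enforced in _fget(), not here, so naming _fget() in the comment would tell the reader where to look.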
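Review bot: in the comment above "oldtextvp = p->p_textvp;" (kern_exec.c hunk at line 881), "by fexecve variant of fname handling" replaces the reference to fgetvp_exec(), yet the earlier hunk in this file still obtains newtextvp through fgetvp_exec(). The function name is the more precise and searchable reference; suggest keeping it, for example "referenced by namei() or by fgetvp_exec() in the fexecve case", or at least writing "by the fexecve variant".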