[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 2/2] linux-user: don't use AT_EXECFD in do_openat()

From: Laurent Vivier
Subject: [PATCH 2/2] linux-user: don't use AT_EXECFD in do_openat()
Date: Sun, 25 Sep 2022 18:15:27 +0200

AT_EXECFD gives access to the binary file even if
it is not readable (only executable).

Moreover it can be opened with flags and mode that are not the ones
provided by do_openat() caller.

And finally the caller can close the file descriptor whereas
we can need it with execveat().

To avoid that, use only safe_openat() with the exec_path.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
 linux-user/syscall.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 6642652b7644..01f03535fe64 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8265,8 +8265,7 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, 
const char *pathname, int
     if (is_proc_myself(pathname, "exe")) {
-        int execfd = qemu_getauxval(AT_EXECFD);
-        return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
+        return safe_openat(dirfd, exec_path, flags, mode);
     for (fake_open = fakes; fake_open->filename; fake_open++) {

reply via email to

[Prev in Thread] Current Thread [Next in Thread]