fexecve(2): allow O_PATH file descriptors opened without O_EXEC

This improves compatibility with Linux.

Noted by:	Drew DeVault <sir@cmpwn.com>
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32821

lib/libc/sys/open.2

@@ -334,9 +334,6 @@ but advisory locking is not allowed
 .It Xr close 2
 .It Xr fstat 2
 .It Xr fexecve 2
-requires that
-.Dv O_EXEC
-was also specified at open time
 .It Dv SCM_RIGHTS
 can be passed over a
 .Xr unix 4

sys/kern/kern_descrip.c

@@ -3213,8 +3213,9 @@ _fget(struct thread *td, int fd, struct file **fpp, int flags,
 			error = EBADF;
 		break;
 	case FEXEC:
-	    	if ((fp->f_flag & (FREAD | FEXEC)) == 0 ||
-		    ((fp->f_flag & FWRITE) != 0))
+		if (fp->f_ops != &path_fileops &&
+		    ((fp->f_flag & (FREAD | FEXEC)) == 0 ||
+		    (fp->f_flag & FWRITE) != 0))
 			error = EBADF;
 		break;
 	case 0:

sys/kern/kern_exec.c

@@ -530,13 +530,20 @@ do_execve(struct thread *td, struct image_args *args, struct mac *mac_p,
 		}
 	} else {
 		AUDIT_ARG_FD(args->fd);
+
 		/*
-		 * Descriptors opened only with O_EXEC or O_RDONLY are allowed.
+		 * If the descriptors was not opened with O_PATH, then
+		 * we require that it was opened with O_EXEC or
+		 * O_RDONLY.  In either case, exec_check_permissions()
+		 * below checks _current_ file access mode regardless
+		 * of the permissions additionally checked at the
+		 * open(2).
 		 */
 		error = fgetvp_exec(td, args->fd, &cap_fexecve_rights,
 		    &newtextvp);
-		if (error)
+		if (error != 0)
 			goto exec_fail;
+
 		if (vn_fullpath(newtextvp, &imgp->execpath,
 		    &imgp->freepath) != 0)
 			imgp->execpath = args->fname;
@@ -881,7 +888,7 @@ do_execve(struct thread *td, struct image_args *args, struct mac *mac_p,
 
 	/*
 	 * Store the vp for use in kern.proc.pathname.  This vnode was
-	 * referenced by namei() or fgetvp_exec().
+	 * referenced by namei() or by fexecve variant of fname handling.
 	 */
 	oldtextvp = p->p_textvp;
 	p->p_textvp = newtextvp;