We cannot open file for reading and executing (O_RDONLY | O_EXEC).

Well, in theory we can pass those two flags, because O_RDONLY is 0, but we won't be able to read from a descriptor opened with O_EXEC. Update the comment. Sponsored by: FreeBSD Foundation MFC after: 2 weeks
2012-09-25 21:11:40 +00:00 · 2012-09-25 21:11:40 +00:00 · 8e4b011dc5
commit 8e4b011dc5
parent 1d5d62ac36
1 changed files with 3 additions and 3 deletions
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -441,10 +441,10 @@ do_execve(td, args, mac_p)
 	} else {
 		AUDIT_ARG_FD(args->fd);
 		/*
-		 * Some might argue that CAP_READ and/or CAP_MMAP should also
-		 * be required here; such arguments will be entertained.
+		 * Some might argue that CAP_MMAP should also be required here;
+		 * such arguments will be entertained.
 		 *
-		 * Descriptors opened only with O_EXEC or O_RDONLY are allowed.
+		 * Descriptors opened only with O_EXEC are allowed.
 		 */
 		error = fgetvp_exec(td, args->fd, CAP_FEXECVE, &binvp);
 		if (error)