1. Patchew
  2. QEMU
  3. [PATCH v2 0/2] linux-user: handle /proc/self/exe with execve() syscall
  4. View patch

[PATCH v2 2/2] linux-user: don't use AT_EXECFD in do_openat()

Laurent Vivier posted 2 patches 3 years, 4 months ago
Maintainers: Laurent Vivier <laurent@vivier.eu>
[PATCH v2 2/2] linux-user: don't use AT_EXECFD in do_openat()
Posted by Laurent Vivier 3 years, 4 months ago 
AT_EXECFD gives access to the binary file even if
it is not readable (only executable).

Moreover it can be opened with flags and mode that are not the ones
provided by do_openat() caller.

And it is not available because loader_exec() has closed it.

To avoid that, use only safe_openat() with the exec_path.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ddf09d7eb61a..0c80e9d68e28 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8263,8 +8263,7 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
     };
 
     if (is_proc_myself(pathname, "exe")) {
-        int execfd = qemu_getauxval(AT_EXECFD);
-        return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
+        return safe_openat(dirfd, exec_path, flags, mode);
     }
 
     for (fake_open = fakes; fake_open->filename; fake_open++) {
-- 
2.37.3
Re: [PATCH v2 2/2] linux-user: don't use AT_EXECFD in do_openat()
Posted by Laurent Vivier 3 years, 3 months ago 
Le 27/09/2022 à 14:43, Laurent Vivier a écrit :
> AT_EXECFD gives access to the binary file even if
> it is not readable (only executable).
> 
> Moreover it can be opened with flags and mode that are not the ones
> provided by do_openat() caller.
> 
> And it is not available because loader_exec() has closed it.
> 
> To avoid that, use only safe_openat() with the exec_path.
> 
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
>   linux-user/syscall.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index ddf09d7eb61a..0c80e9d68e28 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -8263,8 +8263,7 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
>       };
>   
>       if (is_proc_myself(pathname, "exe")) {
> -        int execfd = qemu_getauxval(AT_EXECFD);
> -        return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
> +        return safe_openat(dirfd, exec_path, flags, mode);
>       }
>   
>       for (fake_open = fakes; fake_open->filename; fake_open++) {

Applied to my linux-user-for-7.2 branch.

Thanks,
Laurent

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.