diff mbox series

[PULL,4/8] linux-user: don't use AT_EXECFD in do_openat()

Message ID 20221025073606.3114355-5-laurent@vivier.eu
State New
Headers show
Series [PULL,1/8] linux-user: Fix more MIPS n32 syscall ABI issues | expand

Commit Message

Laurent Vivier Oct. 25, 2022, 7:36 a.m. UTC 
AT_EXECFD gives access to the binary file even if
it is not readable (only executable).

Moreover it can be opened with flags and mode that are not the ones
provided by do_openat() caller.

And it is not available because loader_exec() has closed it.

To avoid that, use only safe_openat() with the exec_path.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220927124357.688536-3-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index a7a29091c91e..665db67c0598 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8251,8 +8251,7 @@  static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
     };
 
     if (is_proc_myself(pathname, "exe")) {
-        int execfd = qemu_getauxval(AT_EXECFD);
-        return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
+        return safe_openat(dirfd, exec_path, flags, mode);
     }
 
     for (fake_open = fakes; fake_open->filename; fake_open++) {