linux-user: don't use AT_EXECFD in do_openat()

AT_EXECFD gives access to the binary file even if it is not readable (only executable). Moreover it can be opened with flags and mode that are not the ones provided by do_openat() caller. And it is not available because loader_exec() has closed it. To avoid that, use only safe_openat() with the exec_path. Signed-off-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20220927124357.688536-3-laurent@vivier.eu> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
author: Laurent Vivier <laurent@vivier.eu> 2022-09-27 14:43:57 +0200
committer: Laurent Vivier <laurent@vivier.eu> 2022-10-21 17:46:19 +0200
commit: 00ed8a3459869f46dbb4e18d4dcc81882dfe8776 (patch)
tree: 9909762e4f82dfb55374ee20d3ecea8596e55f29 /linux-user
parent: f07eb1c4f805c0dcc14dd69fee49b601ce0b2d2c (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index a7a29091c9..665db67c05 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8251,8 +8251,7 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
     };
 
     if (is_proc_myself(pathname, "exe")) {
-        int execfd = qemu_getauxval(AT_EXECFD);
-        return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
+        return safe_openat(dirfd, exec_path, flags, mode);
     }
 
     for (fake_open = fakes; fake_open->filename; fake_open++) {
author	Laurent Vivier <laurent@vivier.eu>	2022-09-27 14:43:57 +0200
committer	Laurent Vivier <laurent@vivier.eu>	2022-10-21 17:46:19 +0200
commit	00ed8a3459869f46dbb4e18d4dcc81882dfe8776 (patch)
tree	9909762e4f82dfb55374ee20d3ecea8596e55f29 /linux-user
parent	f07eb1c4f805c0dcc14dd69fee49b601ce0b2d2c (diff)