security: fix VFS permissions and execve execute check (Fase 3)

author Tulio A M Mendes <[email protected]>

Tue, 26 May 2026 05:17:11 +0000 (02:17 -0300)

committer Tulio A M Mendes <[email protected]>

Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)
author Tulio A M Mendes <[email protected]>
Tue, 26 May 2026 05:17:11 +0000 (02:17 -0300)
committer Tulio A M Mendes <[email protected]>
Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)
diff --git a/src/kernel/fs.c b/src/kernel/fs.c

index e83d21fa87364f2cb248c60dc2d2700bb95dc64d..9bd62a8096be1d9728ef76fa7bd427d902924a09 100644 (file)
--- a/src/kernel/fs.c
+++ b/src/kernel/fs.c
@@ -670,7 +670,6 @@ extern struct process* current_process;  /* From process.h */
  int vfs_check_permission(fs_node_t* node, int want) {
      if (!current_process) return 0;       /* kernel context — allow all */
      if (current_process->euid == 0) return 0;  /* root — allow all */
-    if (node->mode == 0) return 0;        /* mode not set — permissive */
  
      uint32_t mode = node->mode;
      uint32_t perm;
diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c

index 2ec485e206cecf5777b17334fb6dc3bf97492ab2..e6ae5150c746c43ee78d60838430c7ba4ae1db9f 100644 (file)
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -2111,6 +2111,10 @@ static int syscall_execve_impl(struct registers* regs, const char* user_path, co
      if (!node) node = vfs_lookup(path);
      if (!node) { ret = -ENOENT; goto out; }
  
+    /* Check execute permission on the file */
+    int exec_perm_rc = vfs_check_permission(node, 1); /* 1 = execute */
+    if (exec_perm_rc < 0) { ret = exec_perm_rc; goto out; }
+
      uintptr_t entry = 0;
      uintptr_t user_sp = 0;
      uintptr_t new_as = 0;
author	Tulio A M Mendes <[email protected]>
	Tue, 26 May 2026 05:17:11 +0000 (02:17 -0300)
committer	Tulio A M Mendes <[email protected]>
	Wed, 3 Jun 2026 05:52:27 +0000 (02:52 -0300)
src/kernel/fs.c		patch \| blob \| blame \| history
src/kernel/syscall.c		patch \| blob \| blame \| history