From: Tulio A M Mendes
Date: Tue, 26 May 2026 05:17:11 +0000 (-0300)
Subject: security: fix VFS permissions and execve execute check (Fase 3)
X-Git-Url: https://projects.tadryanom.me/?a=commitdiff_plain;h=35976772b9657f222d198bd85f434e00aa7ffa61;p=AdrOS.git
security: fix VFS permissions and execve execute check (Fase 3)
---
diff --git a/src/kernel/fs.c b/src/kernel/fs.c
index e83d21fa..9bd62a80 100644
--- a/src/kernel/fs.c
+++ b/src/kernel/fs.c
@@ -670,7 +670,6 @@ extern struct process* current_process; /* From process.h */
 int vfs_check_permission(fs_node_t* node, int want) {
 if (!current_process) return 0; /* kernel context — allow all */
 if (current_process->euid == 0) return 0; /* root — allow all */
- if (node->mode == 0) return 0; /* mode not set — permissive */
 uint32_t mode = node->mode;
 uint32_t perm;
diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index 2ec485e2..e6ae5150 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -2111,6 +2111,10 @@ static int syscall_execve_impl(struct registers* regs, const char* user_path, co
 if (!node) node = vfs_lookup(path);
 if (!node) { ret = -ENOENT; goto out; }
+ /* Check execute permission on the file */
+ int exec_perm_rc = vfs_check_permission(node, 1); /* 1 = execute */
+ if (exec_perm_rc < 0) { ret = exec_perm_rc; goto out; }
+
 uintptr_t entry = 0;
 uintptr_t user_sp = 0;
 uintptr_t new_as = 0;
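Review bot: In the src/kernel/syscall.c hunk, the new execute check never runs for euid 0, because vfs_check_permission() returns 0 for root before it reads node->mode (the early return is visible in the fs.c hunk), so root can still execve a file that has no execute bit set at all. POSIX-style kernels require at least one x bit even for root; a guard next to the new call such as `if ((node->mode & 0111) == 0) { ret = -EACCES; goto out; }` would close that, assuming node->mode carries the usual permission bits and EACCES is defined alongside ENOENT. The bare `1` passed as `want` would be safer as a named constant shared with vfs_check_permission, so the call site cannot drift from the callee's bit layout. Since the permissive `mode == 0` fallback is removed in fs.c, it is also worth confirming that every filesystem driver populates mode, otherwise non-root exec of files on those drivers will now fail here. syscall_execve_impl starts and ends outside the hunk, so whether node is verified to be a regular file before loading cannot be seen from here.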