From 35976772b9657f222d198bd85f434e00aa7ffa61 Mon Sep 17 00:00:00 2001
From: Tulio A M Mendes
Date: Tue, 26 May 2026 02:17:11 -0300
Subject: [PATCH] security: fix VFS permissions and execve execute check (Fase 3)
---
 src/kernel/fs.c | 1 -
 src/kernel/syscall.c | 4 ++++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/kernel/fs.c b/src/kernel/fs.c
index e83d21fa..9bd62a80 100644
--- a/src/kernel/fs.c
+++ b/src/kernel/fs.c
@@ -670,7 +670,6 @@ extern struct process* current_process; /* From process.h */
 int vfs_check_permission(fs_node_t* node, int want) {
 if (!current_process) return 0; /* kernel context — allow all */
 if (current_process->euid == 0) return 0; /* root — allow all */
- if (node->mode == 0) return 0; /* mode not set — permissive */
 uint32_t mode = node->mode;
 uint32_t perm;
diff --git a/src/kernel/syscall.c b/src/kernel/syscall.c
index 2ec485e2..e6ae5150 100644
--- a/src/kernel/syscall.c
+++ b/src/kernel/syscall.c
@@ -2111,6 +2111,10 @@ static int syscall_execve_impl(struct registers* regs, const char* user_path, co
 if (!node) node = vfs_lookup(path);
 if (!node) { ret = -ENOENT; goto out; }
+ /* Check execute permission on the file */
+ int exec_perm_rc = vfs_check_permission(node, 1); /* 1 = execute */
+ if (exec_perm_rc < 0) { ret = exec_perm_rc; goto out; }
+
 uintptr_t entry = 0;
 uintptr_t user_sp = 0;
 uintptr_t new_as = 0;
--
2.43.0
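Review bot: The new execute check in syscall_execve_impl can never reject a caller with euid 0, because vfs_check_permission (shown in the fs.c hunk) returns 0 for root before it looks at the mode, so root can still exec a file that has no execute bit at all. Conventional Unix semantics require at least one execute bit even for root; a guard such as `if ((node->mode & 0111) == 0) { ret = -EACCES; goto out; }` ahead of the call would cover it, assuming mode holds standard permission bits and -EACCES is the denial code used here. The literal `1` would read better as a named constant shared with vfs_check_permission than as a trailing comment. With the mode == 0 shortcut removed in fs.c, nodes whose mode was never populated will presumably now fail this check for non-root callers, so confirm every filesystem driver sets mode before relying on it. syscall_execve_impl begins and ends outside the hunk.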