Abhishekmishra2808 commented on PR #19122: URL: https://github.com/apache/nuttx/pull/19122#issuecomment-4696395040
Update 1. Removed the stat()-based check from exec_internal() 2. Moved the check into the ELF loader (binfmt/elf.c), right after libelf_initialize() 3. Added binfmt_checkexecperm() as a centralized function in binfmt/binfmt_checkexec.c, called from each loader (elf.c, builtin.c, nxflat.c) 4. One additional fix needed: in load_absmodule() (binfmt_loadmodule.c), when a loader returns -EACCES, the loop continued to the next registered loader (e.g. the builtin loader could bypass the ELF loader's denial by matching on the binary's basename). Fixed by breaking out of the loader loop immediately on -EACCES. Tested on ESP32-C3, and it worked. (Logs updated) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
