O_EXEC flag is not part of the O_ACCMODE mask, check it separately.

If O_EXEC is provided don't require CAP_READ/CAP_WRITE, as O_EXEC
is mutually exclusive to O_RDONLY/O_WRONLY/O_RDWR.

Without this change CAP_FEXECVE capability right is not enforced.

Sponsored by:	FreeBSD Foundation
MFC after:	3 days

1 files changed, 13 insertions, 15 deletions

diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index cc6d93c..e518d58 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1006,22 +1006,20 @@ flags_to_rights(int flags)
 {
 	cap_rights_t rights = 0;
 
-	switch ((flags & O_ACCMODE)) {
-	case O_RDONLY:
-		rights |= CAP_READ;
-		break;
-
-	case O_RDWR:
-		rights |= CAP_READ;
-		/* fall through */
-
-	case O_WRONLY:
-		rights |= CAP_WRITE;
-		break;
-
-	case O_EXEC:
+	if (flags & O_EXEC) {
 		rights |= CAP_FEXECVE;
-		break;
+	} else {
+		switch ((flags & O_ACCMODE)) {
+		case O_RDONLY:
+			rights |= CAP_READ;
+			break;
+		case O_RDWR:
+			rights |= CAP_READ;
+			/* FALLTHROUGH */
+		case O_WRONLY:
+			rights |= CAP_WRITE;
+			break;
+		}
 	}
 
 	if (flags & O_CREAT)