From 4b1079510b708fa4c755f8c7940dd9087e75910f Mon Sep 17 00:00:00 2001
From: Jonas 'Sortie' Termansen <sortie@maxsi.org>
Date: Sun, 20 Sep 2015 22:05:24 +0200
Subject: [PATCH] Execute only programs with an executable bit set.

---
 kernel/process.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/process.cpp b/kernel/process.cpp
index aecd171d..14500988 100644
--- a/kernel/process.cpp
+++ b/kernel/process.cpp
@@ -1162,6 +1162,8 @@ int sys_execve_kernel(const char* filename,
 	struct stat st;
 	if ( desc->stat(&ctx, &st) )
 		return -1;
+	if ( !(st.st_mode & 0111) )
+		return errno = EACCES, -1;
 	if ( st.st_size < 0 )
 		return errno = EINVAL, -1;
 	if ( (uintmax_t) SIZE_MAX < (uintmax_t) st.st_size )