From 659bebab8e83ec9b5f6fef26ca27048af526ee40 Mon Sep 17 00:00:00 2001
From: Nicolas Lacasse
Date: Mon, 8 Jul 2019 12:55:37 -0700
Subject: Don't try to execute a file that is not regular.

PiperOrigin-RevId: 257037608
---
 pkg/sentry/fs/mounts.go | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'pkg/sentry/fs')

diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go
index ce7ffeed2..693ffc760 100644
--- a/pkg/sentry/fs/mounts.go
+++ b/pkg/sentry/fs/mounts.go
@@ -663,6 +663,11 @@ func (mns *MountNamespace) ResolveExecutablePath(ctx context.Context, wd, name s
 }
 defer d.DecRef()
 
+ // Check that it is a regular file.
+ if !IsRegular(d.Inode.StableAttr) {
+ continue
+ }
+
 // Check whether we can read and execute the found file.
 if err := d.Inode.CheckPermission(ctx, PermMask{Read: true, Execute: true}); err != nil {
 log.Infof("Found executable at %q, but user cannot execute it: %v", binPath, err)
-- 
cgit v1.2.3
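Review bot: The new `IsRegular` branch rejects a candidate silently, while the permission check right below it logs why a candidate was skipped; adding `log.Infof("Found %q, but it is not a regular file", binPath)` before the `continue` would keep failed lookups diagnosable. The check also covers only candidates that reach this point in what appears to be the search loop. The body of `ResolveExecutablePath` starts and ends outside the hunk, so it is not visible whether names that bypass the search (for example, ones that already contain a slash) get the same test. If they do not, the file type should also be enforced where the file is actually opened for execution, because a path can point at something else between resolution and use. Separately, `defer d.DecRef()` sits inside that loop, so every skipped candidate keeps its reference until the function returns; replacing the defer with an explicit `d.DecRef()` on each exit path would release it promptly.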