From: Tim van der Molen Subject: rdist: fix noexec option To: tech@openbsd.org Date: Wed, 6 Aug 2025 13:33:04 +0200 rdist's noexec option does not skip PIE executables. This diff fixes that by also checking for ELF files of type ET_DYN. Unfortunately, this means that shared library files will now also be skipped if they have execute permissions (but on OpenBSD they usually don't). OK? Index: isexec.c =================================================================== RCS file: /cvs/src/usr.bin/rdist/isexec.c,v diff -p -u -U10 -r1.13 isexec.c --- isexec.c 24 Oct 2021 21:24:17 -0000 1.13 +++ isexec.c 6 Aug 2025 10:47:45 -0000 @@ -48,16 +48,20 @@ isexec(char *file, struct stat *statp) /* * Must be a regular file that has some executable mode bit on */ if (!S_ISREG(statp->st_mode) || !(statp->st_mode & (S_IXUSR|S_IXGRP|S_IXOTH))) return(FALSE); if ((fd = open(file, O_RDONLY)) == -1) return(FALSE); - r = read(fd, &hdr, sizeof(hdr)) == sizeof(hdr) && - IS_ELF(hdr) && hdr.e_type == ET_EXEC; + if (read(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) { + close(fd); + return(FALSE); + } + + r = IS_ELF(hdr) && (hdr.e_type == ET_EXEC || hdr.e_type == ET_DYN); close(fd); return (r); } Index: rdist.1 =================================================================== RCS file: /cvs/src/usr.bin/rdist/rdist.1,v diff -p -u -U10 -r1.51 rdist.1 --- rdist.1 30 Dec 2024 07:13:33 -0000 1.51 +++ rdist.1 6 Aug 2025 10:47:45 -0000 
@@ -311,21 +311,21 @@ Do not check user ownership of files tha The file ownership is only set when the file is updated. .It Ic nodescend Do not descend into a directory. Normally, .Nm will recursively check directories. If this option is enabled, then any files listed in the file list in the distfile that are directories are not recursively scanned. Only the existence, ownership, and mode of the directory are checked. .It Ic noexec -Automatically exclude executable binary files in +Automatically exclude executable binary and shared library files in .Xr elf 5 format from being checked or updated. .It Ic numchkgroup Use the numeric group ID (GID) to check group ownership instead of the group name. .It Ic numchkowner Use the numeric user ID (UID) to check user ownership instead of the user name. .It Ic quiet Quiet mode.
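Review bot: in isexec.c, the new `r = IS_ELF(hdr) && (hdr.e_type == ET_EXEC || hdr.e_type == ET_DYN);` line has no comment explaining why ET_DYN is accepted. The type is shared by PIE executables and shared objects, so a reader who sees only the code cannot tell that matching shared libraries with an execute bit is a known side effect rather than an oversight. A short comment above that line would carry the reasoning from the commit message into the source, for example that ET_DYN is included to catch PIE binaries and that it also matches shared libraries that pass the S_IXUSR|S_IXGRP|S_IXOTH test earlier in the function. Separately, the split into an early `return(FALSE)` on a short read adds a second `close(fd)` path without changing the result; the original single expression already short-circuited to false in that case, so the fix could be limited to the e_type comparison.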
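Review bot: in rdist.1, the new noexec text "executable binary and shared library files" reads as if every ELF shared library is excluded, but isexec() returns FALSE before looking at the header unless the file has one of S_IXUSR, S_IXGRP or S_IXOTH set. The manual should state that condition so administrators can predict which libraries are skipped, for example: "Automatically exclude executable binary files, and shared library files that have an execute mode bit set, in elf(5) format from being checked or updated."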