From ec03f29fd14c912ab384ff10ace87862787feb58 Mon Sep 17 00:00:00 2001
From: Ralf Donau <ruelle@volleyballschlaeger.de>
Date: Wed, 8 Sep 2021 19:40:07 +0200
Subject: [PATCH] Kernel/VFS: Restrict special unveil rule for Loader.so

---
 Kernel/FileSystem/VirtualFileSystem.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Kernel/FileSystem/VirtualFileSystem.cpp b/Kernel/FileSystem/VirtualFileSystem.cpp
index 41a3c5050a..5378a58a2d 100644
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@@ -764,7 +764,7 @@ KResult VirtualFileSystem::validate_path_against_process_veil(StringView path, i
 {
     if (Process::current().veil_state() == VeilState::None)
         return KSuccess;
-    if (path == "/usr/lib/Loader.so")
+    if (options == O_EXEC && path == "/usr/lib/Loader.so")
         return KSuccess;
 
     VERIFY(path.starts_with('/'));