> Are there cases where a process wouldn't have permissions to access its own executable
Yes. Permissions might have changed after execution has begun. The file might even have been removed. This creates a race condition.
> argv[0] value is unreliable?
It is. The program calling execve has complete control over the arguments and environment of the program being spawned. It could set argv[0] to anything, including the null pointer or the empty string.
Last year I sent a patch to GNU coreutils that would let env set the argv[0] of programs. My purpose was to use env to test this exact edge case.
https://lists.gnu.org/archive/html/coreutils/2023-03/msg0000...
https://lists.gnu.org/archive/html/coreutils/2023-08/msg0006...
They said they were going to consider it. As of today, the feature has not yet made it in.
> Can you exec on a file descriptor of a deleted file?
Not sure. I assume it would cause the system call to fail.
> or would /proc/self/exe always point to something the process could open?
Not always. According to the manual there's some complexity involved:
https://www.man7.org/linux/man-pages/man5/proc.5.html
> If the pathname has been unlinked,
> the symbolic link will contain the string ' (deleted)'
> appended to the original pathname.
It's not 100% clear to me if opening and reading the executable will still succeed in that case. I assume it wouldn't work because the manual says it's just a symbolic link to the executable which will become a dangling link if the file it points to is deleted.
There's more: permissions to read the link can be revoked, the link is invalidated if the main thread ever exits, it has a completely different format in old Linux versions...
The ELF segment approach just ignores everything in this comment by getting Linux to mmap the data in just like the program text and data sections. The data will be ready before the program even runs.
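
The edge cases discussed in this comment, as an added C example that is not part of the original comment or of any project it mentions: it reads `/proc/self/exe` instead of trusting argv[0], treats a failed read as a normal outcome, and recognizes the ' (deleted)' suffix quoted from proc(5). The names `classify_exe_link` and `own_exe_path` are hypothetical, and the sample paths in any test input are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum exe_state { EXE_OK, EXE_DELETED, EXE_UNAVAILABLE };

/* Classify a /proc/self/exe link target. Per proc(5), an unlinked
 * executable is reported as "<original path> (deleted)". On EXE_DELETED the
 * suffix is stripped in place so `target` holds the original pathname.
 * Caveat: a file whose real name ends in " (deleted)" looks the same here. */
enum exe_state classify_exe_link(char *target)
{
    static const char suffix[] = " (deleted)";
    size_t len = strlen(target), slen = sizeof suffix - 1;
    if (len == 0 || target[0] != '/')
        return EXE_UNAVAILABLE;           /* empty or not an absolute path */
    if (len > slen && strcmp(target + len - slen, suffix) == 0) {
        target[len - slen] = '\0';
        return EXE_DELETED;
    }
    return EXE_OK;
}

/* Read the link; failure (no /proc, permission revoked) is a normal outcome. */
enum exe_state own_exe_path(char *buf, size_t size)
{
    ssize_t n = size < 2 ? -1 : readlink("/proc/self/exe", buf, size - 1);
    if (n < 0 || (size_t)n >= size - 1)   /* error, or possibly truncated */
        return EXE_UNAVAILABLE;
    buf[n] = '\0';                        /* readlink does not terminate */
    return classify_exe_link(buf);
}

int main(int argc, char **argv)
{
    char path[PATH_MAX];
    /* argv[0] may be NULL or "": the execve caller chooses it. */
    const char *claimed = (argc > 0 && argv[0]) ? argv[0] : "(null)";
    enum exe_state st = own_exe_path(path, sizeof path);
    printf("argv[0] claims: \"%s\"\n", claimed);
    printf("/proc/self/exe: %s%s\n", st == EXE_UNAVAILABLE ? "unavailable" : path,
           st == EXE_DELETED ? " [unlinked]" : "");
    return 0;
}
```

Started from bash as `(exec -a '' ./a.out)`, it prints an empty argv[0] next to the path the kernel reports.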