Filesystem permissions are not enforced
Filesystem permissions are not enforced. This includes the executable bit, descriptor.cpp needs a bunch of changes, and userland likely has issues with passing wrong flags to open(2). The user-space filesystem protocol needs some upgrades, like who owns a newly created file. Then there's issues like where this is enforced.
You shouldn't need read access to a file to execute it.
The user-space filesystem API doesn't know which user owns newly created files and doesn't handle security aspects of file creation. This needs to be redesigned securely.
Edited by Jonas Termansen