Index: sys/kern/kern_exec.c
===================================================================
--- sys/kern/kern_exec.c	(revision 205728)
+++ sys/kern/kern_exec.c	(working copy)
@@ -1324,13 +1324,9 @@ exec_check_permissions(imgp)
 	/*
 	 * 1) Check if file execution is disabled for the filesystem that this
 	 *	file resides on.
-	 * 2) Insure that at least one execute bit is on - otherwise root
-	 *	will always succeed, and we don't want to happen unless the
-	 *	file really is executable.
-	 * 3) Insure that the file is a regular file.
+	 * 2) Ensure that the file is a regular file.
 	 */
 	if ((vp->v_mount->mnt_flag & MNT_NOEXEC) ||
-	    ((attr->va_mode & 0111) == 0) ||
 	    (attr->va_type != VREG))
 		return (EACCES);
 
Index: sys/kern/vfs_subr.c
===================================================================
--- sys/kern/vfs_subr.c	(revision 205728)
+++ sys/kern/vfs_subr.c	(working copy)
@@ -3597,8 +3597,14 @@ privcheck:
 		    !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0))
 			priv_granted |= VEXEC;
 	} else {
+		/*
+		 * Ensure that at least one execute bit is on - otherwise
+		 * privileged user will always succeed, and we don't want to
+		 * happen unless the file really is executable.
+		 */
 		if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !priv_check_cred(cred, PRIV_VFS_EXEC, 0))
+		    !priv_check_cred(cred, PRIV_VFS_EXEC, 0) &&
+		    file_mode & (S_IXUSR | S_IXGRP | S_IXOTH))
 			priv_granted |= VEXEC;
 	}
 
Index: sys/kern/subr_acl_nfs4.c
===================================================================
--- sys/kern/subr_acl_nfs4.c	(revision 205728)
+++ sys/kern/subr_acl_nfs4.c	(working copy)
@@ -162,6 +162,7 @@ vaccess_acl_nfs4(enum vtype type, uid_t 
 	accmode_t priv_granted = 0;
 	int denied, explicitly_denied, access_mask, is_directory,
 	    must_be_owner = 0;
+	mode_t file_mode = 0;
 
 	KASSERT((accmode & ~(VEXEC | VWRITE | VREAD | VADMIN | VAPPEND |
 	    VEXPLICIT_DENY | VREAD_NAMED_ATTRS | VWRITE_NAMED_ATTRS |
@@ -236,8 +237,15 @@ vaccess_acl_nfs4(enum vtype type, uid_t 
 		    PRIV_VFS_LOOKUP, 0))
 			priv_granted |= VEXEC;
 	} else {
+		/*
+		 * Ensure that at least one execute bit is on - otherwise
+		 * privileged user will always succeed, and we don't want to
+		 * happen unless the file really is executable.
+		 */
+		acl_nfs4_sync_mode_from_acl(&file_mode, aclp);
 		if ((accmode & VEXEC) && !priv_check_cred(cred,
-		    PRIV_VFS_EXEC, 0))
+		    PRIV_VFS_EXEC, 0) && (file_mode &
+		    (S_IXUSR | S_IXGRP | S_IXOTH)))
 			priv_granted |= VEXEC;
 	}
 
Index: sys/kern/subr_acl_posix1e.c
===================================================================
--- sys/kern/subr_acl_posix1e.c	(revision 205728)
+++ sys/kern/subr_acl_posix1e.c	(working copy)
@@ -90,8 +90,14 @@ vaccess_acl_posix1e(enum vtype type, uid
 		     PRIV_VFS_LOOKUP, 0))
 			priv_granted |= VEXEC;
 	} else {
+		/*
+		 * Ensure that at least one execute bit is on - otherwise
+		 * privileged user will always succeed, and we don't want to
+		 * happen unless the file really is executable.
+		 */
 		if ((accmode & VEXEC) && !priv_check_cred(cred,
-		    PRIV_VFS_EXEC, 0))
+		    PRIV_VFS_EXEC, 0) && (acl_posix1e_acl_to_mode(acl) &
+		    (S_IXUSR | S_IXGRP | S_IXOTH)))
 			priv_granted |= VEXEC;
 	}