Bug 252997
| Summary: | open() aborts process when not used correctly. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Dickson <steved> |
| Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | staubach, tmokros |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-08-16 15:59:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 252440 | ||
| Bug Blocks: | |||
That's the same action as we use for -fstack-protector overflows, or for
-D_FORTIFY_SOURCE{,=2} check failures. In all cases it is something that needs
immediate fix in the source, I'd add especially with open one that is very easy.
Aren't those things that the application could not handle, at least easily? A failing open system call is handleable. A library should not be calling abort() or exit(). Please don't reopen this, glibc won't change. THen who do we appeal to when incorrect decisions are made which can affect _every_ application on the system? Were other, less drastic solutions considered? Such as logging messages with syslog()? Yes and they were dismissed. This is a really serious bug, often with bad security consequences, exactly the same as buffer overflows, app memory management errors on the heap, etc. All cases are handled the same, by aborting with an error message and we were doing that for years (some checks already in RHEL3, further ones added in RHEL4, then new ones in RHEL5, then now in F8 again a new check). With an abort you 1) stop the app from doing something that can have security consequences immediately 2) very loudly tell the user the application is broken, which allows immediate or almost immediate fixing of the problem. You can look at history, all kinds of bugs reported this way are usually very quickly fixed, whether it is memory management errors causing malloc to complain and abort, or buffer overflow, etc. Here is the disscusion on the public Fedora Maintainers mailing list: https://www.redhat.com/archives/fedora-maintainers/2007-August/msg00265.html |
Description of problem: the open system call has be changed in the glibc so if a mode is not passed in during an O_CREATE open, the process is aborted. Version-Release number of selected component (if applicable): How reproducible: main() int readonly = 0; char *fname = "/tmp/foo"; open(fname, readonly? O_RDONLY : (O_RDWR|O_CREAT)); } will cause the process to abort. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: