Bug 252997 - open() aborts process when not used correctly.
Summary: open() aborts process when not used correctly.
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Depends On: 252440
TreeView+ depends on / blocked
Reported: 2007-08-16 15:03 UTC by Steve Dickson
Modified: 2007-11-30 22:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-16 15:59:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Steve Dickson 2007-08-16 15:03:39 UTC
Description of problem:
the open system call has be changed in the glibc so if
a mode is not passed in during an O_CREATE open, the
process is aborted.

Version-Release number of selected component (if applicable):

How reproducible:
    int readonly = 0;
    char *fname = "/tmp/foo";

    open(fname, readonly? O_RDONLY : (O_RDWR|O_CREAT));
will cause the process to abort.

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Jakub Jelinek 2007-08-16 15:15:06 UTC
That's the same action as we use for -fstack-protector overflows, or for
-D_FORTIFY_SOURCE{,=2} check failures.  In all cases it is something that needs
immediate fix in the source, I'd add especially with open one that is very easy.

Comment 2 Peter Staubach 2007-08-16 15:25:11 UTC
Aren't those things that the application could not handle, at least easily?

A failing open system call is handleable.

A library should not be calling abort() or exit().

Comment 3 Jakub Jelinek 2007-08-16 15:28:58 UTC
Please don't reopen this, glibc won't change.

Comment 4 Peter Staubach 2007-08-16 15:40:20 UTC
THen who do we appeal to when incorrect decisions are made which can
affect _every_ application on the system?

Comment 5 Peter Staubach 2007-08-16 15:49:14 UTC
Were other, less drastic solutions considered?  Such as logging messages
with syslog()?

Comment 6 Jakub Jelinek 2007-08-16 15:59:16 UTC
Yes and they were dismissed.
This is a really serious bug, often with bad security consequences, exactly
the same as buffer overflows, app memory management errors on the heap, etc.
All cases are handled the same, by aborting with an error message and we were
doing that for years (some checks already in RHEL3, further ones added in RHEL4,
then new ones in RHEL5, then now in F8 again a new check).
With an abort you 1) stop the app from doing something that can have security
consequences immediately 2) very loudly tell the user the application is broken,
which allows immediate or almost immediate fixing of the problem.
You can look at history, all kinds of bugs reported this way are usually very
quickly fixed, whether it is memory management errors causing malloc to complain
and abort, or buffer overflow, etc.

Comment 7 Steve Dickson 2007-08-16 18:19:47 UTC
Here is the disscusion on the public Fedora Maintainers mailing list:


Note You need to log in before you can comment on or make changes to this bug.