252997 – open() aborts process when not used correctly.

Bug 252997 - open() aborts process when not used correctly.

Summary: open() aborts process when not used correctly.

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	glibc
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Jakub Jelinek
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	252440
Blocks:
TreeView+	depends on / blocked

Reported:	2007-08-16 15:03 UTC by Steve Dickson
Modified:	2007-11-30 22:12 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-08-16 15:59:16 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Steve Dickson 2007-08-16 15:03:39 UTC

Description of problem:
the open system call has be changed in the glibc so if
a mode is not passed in during an O_CREATE open, the
process is aborted.

Version-Release number of selected component (if applicable):


How reproducible:
main()
    int readonly = 0;
    char *fname = "/tmp/foo";

    open(fname, readonly? O_RDONLY : (O_RDWR|O_CREAT));
}
will cause the process to abort.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Jakub Jelinek 2007-08-16 15:15:06 UTC

That's the same action as we use for -fstack-protector overflows, or for
-D_FORTIFY_SOURCE{,=2} check failures.  In all cases it is something that needs
immediate fix in the source, I'd add especially with open one that is very easy.

Comment 2 Peter Staubach 2007-08-16 15:25:11 UTC

Aren't those things that the application could not handle, at least easily?

A failing open system call is handleable.

A library should not be calling abort() or exit().

Comment 3 Jakub Jelinek 2007-08-16 15:28:58 UTC

Please don't reopen this, glibc won't change.

Comment 4 Peter Staubach 2007-08-16 15:40:20 UTC

THen who do we appeal to when incorrect decisions are made which can
affect _every_ application on the system?

Comment 5 Peter Staubach 2007-08-16 15:49:14 UTC

Were other, less drastic solutions considered?  Such as logging messages
with syslog()?

Comment 6 Jakub Jelinek 2007-08-16 15:59:16 UTC

Yes and they were dismissed.
This is a really serious bug, often with bad security consequences, exactly
the same as buffer overflows, app memory management errors on the heap, etc.
All cases are handled the same, by aborting with an error message and we were
doing that for years (some checks already in RHEL3, further ones added in RHEL4,
then new ones in RHEL5, then now in F8 again a new check).
With an abort you 1) stop the app from doing something that can have security
consequences immediately 2) very loudly tell the user the application is broken,
which allows immediate or almost immediate fixing of the problem.
You can look at history, all kinds of bugs reported this way are usually very
quickly fixed, whether it is memory management errors causing malloc to complain
and abort, or buffer overflow, etc.

Comment 7 Steve Dickson 2007-08-16 18:19:47 UTC

Here is the disscusion on the public Fedora Maintainers mailing list:

https://www.redhat.com/archives/fedora-maintainers/2007-August/msg00265.html

Note You need to log in before you can comment on or make changes to this bug.