+++ This bug was initially created as a clone of Bug #503723 +++

Description of problem:
O_EXCL is not used if mode is "wbex", but O_EXCL is used if mode is "wbxe". This bug can cause security vulnerabilities in software relying on this glibc extension.

This problem occurs with both 'e' (not supported by rhel5 glibc) and 'c' flags, when they are used before 'x'. We're not treating this as a security fix, as the extensive search did not find any affected uses of the 'x' glibc extension mode. Should rather be treated as a low-priority bugfix for rhel5, as this can only be an issue when mode as "wcx" is specified.
$ strace -eopen ./a.out ababab wcx 2>&1 | grep ababab ; rm -f ababab
open("ababab", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
$ strace -eopen ./a.out ababab wxc 2>&1 | grep ababab ; rm -f ababab
open("ababab", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0666) = 3
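
The same check without strace, as an added example that is not part of the original bug report: it pre-creates a file and confirms that fopen() refuses to open it for every ordering of 'x' with 'c' and 'e'. The function name exclusive_honored and the use of /tmp are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 if fopen(path, mode) refused to open an
 * already existing file with EEXIST (O_EXCL reached open()), 0 if the file
 * was opened anyway (O_EXCL was dropped, or the mode does not ask for it),
 * and -1 on any other error. */
int exclusive_honored(const char *mode)
{
    char path[] = "/tmp/fopen-excl-XXXXXX";   /* assumes /tmp is writable */
    int fd = mkstemp(path);                   /* the file exists from here on */
    if (fd < 0)
        return -1;
    close(fd);

    int result;
    errno = 0;
    FILE *fp = fopen(path, mode);
    if (fp != NULL) {
        fclose(fp);                           /* existing file was opened */
        result = 0;
    } else {
        result = (errno == EEXIST) ? 1 : -1;
    }
    unlink(path);
    return result;
}

int main(void)
{
    /* 'x' before and after the 'c' and 'e' flags named in the report */
    static const char *modes[] = { "wx", "wxc", "wcx", "wxe", "wex" };
    int failed = 0;

    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++) {
        int r = exclusive_honored(modes[i]);
        printf("%-4s %s\n", modes[i],
               r == 1 ? "O_EXCL honored" :
               r == 0 ? "O_EXCL dropped" : "error");
        if (r != 1)
            failed = 1;
    }
    return failed;                            /* non-zero: a mode lost 'x' */
}
```

A glibc with the behavior described above is expected to print "O_EXCL dropped" for "wcx"; 'e' is not supported by the rhel5 glibc, so its rows are only meaningful on builds that accept that flag.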
We have to respin for #508395, in which case I think we should include this fix as well.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1415.html