Bug 509853 - glibc: fopen mode 'x' ignored in some cases [RHEL-5]
Summary: glibc: fopen mode 'x' ignored in some cases [RHEL-5]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: glibc
Version: 5.4
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Jakub Jelinek
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On: 503723
Blocks:
Reported: 2009-07-06 14:56 UTC by Tomas Hoger
Modified: 2009-09-02 11:46 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 503723
Environment:
Last Closed: 2009-09-02 11:46:08 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2009:1415 | 0 | normal | SHIPPED_LIVE | glibc bug fix and enhancement update | 2009-09-01 14:25:37 UTC

Description Tomas Hoger 2009-07-06 14:56:58 UTC
+++ This bug was initially created as a clone of Bug #503723 +++

Description of problem:
O_EXCL is not used if mode is "wbex", but O_EXCL is used if mode is "wbxe".

This bug can cause security vulnerabilities in software relying on this glibc extension.



This problem occurs with both 'e' (not supported by rhel5 glibc) and 'c' flags, when they are used before 'x'.  We're not treating this as a security fix, as the extensive search did not find any affected uses of the 'x' glibc extension mode.  It should rather be treated as a low-priority bugfix for rhel5, as this can only be an issue when a mode such as "wcx" is specified.

Comment 1 Tomas Hoger 2009-07-06 14:58:20 UTC
$ strace -eopen ./a.out ababab wcx 2>&1 | grep ababab ; rm -f ababab
open("ababab", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3

$ strace -eopen ./a.out ababab wxc 2>&1 | grep ababab ; rm -f ababab
open("ababab", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0666) = 3
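
A self-check for the behaviour traced above, added here as an example and not part of the bug thread or of glibc: excl_honored() reports whether a given fopen() mode string really refuses an existing file, and fopen_excl() is an exclusive create that does not depend on mode-string parsing at all. Both function names and the /tmp scratch path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Exclusive create independent of fopen() mode parsing: O_EXCL goes
 * straight to open(2), then the descriptor is wrapped in a FILE. */
FILE *fopen_excl(const char *path, mode_t perm)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, perm);
    if (fd < 0)
        return NULL;                 /* errno is EEXIST if path exists */
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) {
        int saved = errno;
        close(fd);
        errno = saved;
    }
    return fp;
}

/* 1: fopen(existing file, mode) failed with EEXIST ('x' honored)
 * 0: the existing file was opened ('x' silently ignored)
 * -1: scratch file setup failed or fopen failed for another reason */
int excl_honored(const char *mode)
{
    char path[] = "/tmp/fopen-x-XXXXXX";   /* constructed scratch path */
    int fd = mkstemp(path);                /* file now exists */
    if (fd < 0)
        return -1;
    close(fd);

    errno = 0;
    FILE *fp = fopen(path, mode);
    int result = fp ? 0 : (errno == EEXIST ? 1 : -1);
    if (fp)
        fclose(fp);
    unlink(path);
    return result;
}

int main(void)
{
    const char *modes[] = { "wx", "wxc", "wcx" };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("%-4s 'x' honored: %d\n", modes[i], excl_honored(modes[i]));
    return 0;
}
```

On a glibc with the ordering problem described in this report, the "wcx" line would print 0 while "wxc" prints 1.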

Comment 2 Jakub Jelinek 2009-07-13 17:57:23 UTC
We have to respin for #508395, in which case I think we should include this fix as well.

Comment 9 errata-xmlrpc 2009-09-02 11:46:08 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1415.html
