Bug 509853 - glibc: fopen mode 'x' ignored in some cases [RHEL-5]
glibc: fopen mode 'x' ignored in some cases [RHEL-5]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: glibc (Show other bugs)
5.4
All Linux
low Severity low
: rc
: ---
Assigned To: Jakub Jelinek
BaseOS QE
:
Depends On: 503723
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-06 10:56 EDT by Tomas Hoger
Modified: 2009-09-02 07:46 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 503723
Environment:
Last Closed: 2009-09-02 07:46:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2009-07-06 10:56:58 EDT
+++ This bug was initially created as a clone of Bug #503723 +++

Description of problem:
O_EXCL is not used if mode is "wbex", but O_EXCL is used if mode is "wbxe".

This bug can cause security vulnerabilities in software relying on this glibc extension.



This problem occurs with both 'e' (not supported by rhel5 glibc) and 'c' flags, when they are used before 'x'.  We're not treating this as security fix, as the extensive search did not find any affected uses of the 'x' glibc extension mode.  Should rather be treated as low-priority bugfix for rhel5, as this can only be an issue when mode as "wcx" is specified.
Comment 1 Tomas Hoger 2009-07-06 10:58:20 EDT
$ strace -eopen ./a.out ababab wcx 2>&1 | grep ababab ; rm -f ababab
open("ababab", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3

$ strace -eopen ./a.out ababab wxc 2>&1 | grep ababab ; rm -f ababab
open("ababab", O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0666) = 3
Comment 2 Jakub Jelinek 2009-07-13 13:57:23 EDT
We have to respin for #508395, in which case I think we should include this fix as well.
Comment 9 errata-xmlrpc 2009-09-02 07:46:08 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1415.html

Note You need to log in before you can comment on or make changes to this bug.