Description of problem: An off-by-one bug in glibc means that valid file modes to fopen() are not always honored. In particular, this could be considered a security hole if someone used fopen(file,"rb+cmxe") to prevent leaking an fd into child processes, or fopen(file,"rb+cmex") to avoid overwriting existing files. Version-Release number of selected component (if applicable): glibc-2.12-1.25.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1. $ cat foo.c #include <stdio.h> #include <fcntl.h> #include <stdlib.h> int main (void) { FILE *f = fopen ("/dev/null", "rb+cmxe"); if (!f) exit (1); int fd = fileno (f); if (fd < 0) exit (2); int mode = fcntl (fd, F_GETFD); if (mode < 0) exit (3); return !(mode & FD_CLOEXEC); } $ ./foo; echo $? Actual results: 1 Expected results: 0 Additional info: http://sourceware.org/bugzilla/show_bug.cgi?id=12685
Correction - 'r' and 'x' don't generally make sense together; a better example (slightly) more likely to appear in a mode argument would be "wb+cmxe" or "wb+cmex". And since 'c', 'm', and 'e' are glibc extensions, and 'x' is not valid until C1x, and 'b' is documented as a no-op on glibc, one could argue that anyone wanting to use all of 'c', 'm', 'e', '+', and 'x' has no business also using 'b', thus avoiding the off-by-one problem.
glibc-2.13.90-10 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/glibc-2.13.90-10
Package glibc-2.13.90-10: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-10' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-10 then log in and leave karma (feedback).
Package glibc-2.13.90-11: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-11' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-11 then log in and leave karma (feedback).
Package glibc-2.13.90-12: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-12' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-12 then log in and leave karma (feedback).
Package glibc-2.13.90-13: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-13' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-13 then log in and leave karma (feedback).
Package glibc-2.13.90-14: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.13.90-14' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.13.90-14 then log in and leave karma (feedback).
Package glibc-2.14-1: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.14-1' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.14-1 then log in and leave karma (feedback).
Package glibc-2.14-2: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing glibc-2.14-2' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/glibc-2.14-2 then log in and leave karma (feedback).
glibc-2.14-2 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.