Comment 1 Magnus Granberg 2008-07-17 16:07:21 UTC

Created attachment 160646 [details, diff]
Fix O_CREAT bug in dhcdbd

Comment 2 Mark Loeser (RETIRED) 2008-11-23 19:51:53 UTC

This only seems to happen because of -DFORTIFY_SOURCE=2, so this shouldn't block our gcc-4.3 tracker.

I can confirm here using gcc 4.3.3 and same erros (O_CREATE related) without a hardened profile (and possibly without fortify_source).

(In reply to comment #3)
> I can confirm here using gcc 4.3.3 and same erros (O_CREATE related) without a
> hardened profile (and possibly without fortify_source).
> 

gcc-4.3.2-r3 and probably gcc-4.3.3 in portage enable fotify per default [1]
So this is probably a fortify problem.

[1] http://marc.info/?l=gentoo-dev&m=123162258513047&w=2

Oh, I didn't know that, anyway, I downgraded to gcc-4.3.2-r3 and it builds fine now, so it seems only to fail with the new 4.3.3

Yeah, dhcdbd no longer compiles with the default gcc 4.3.3 (I'm running x86_64, glibc 2.8).

Temporarily adding -U_FORTIFY_SOURCE to my CFLAGS and compiling dhcdbd with that allowed it to compile successfully.

Created attachment 181515 [details, diff]
fix_open_missing_mode

Comment 8 Magnus Granberg 2009-02-10 14:10:26 UTC

(In reply to comment #7)
> Created an attachment (id=181515) [edit]
> fix_open_missing_mode
> 

Will not work and you still don't have mode for O_CREAT
man open:
mode specifies the permissions to use in case a new file is created.  This argument must be supplied when O_CREAT is specified in flags......

(In reply to comment #8)
> (In reply to comment #7)
> > Created an attachment (id=181515) [edit]
> > fix_open_missing_mode
> > 
> 
> Will not work and you still don't have mode for O_CREAT
> man open:
> mode specifies the permissions to use in case a new file is created.  This
> argument must be supplied when O_CREAT is specified in flags......
> 
yes, is my type error. sorry, i´m reviewing this...

*** Bug 257342 has been marked as a duplicate of this bug. ***

Comment 11 Peter Alfredsen (RETIRED) 2009-02-17 23:26:34 UTC

*** Bug 257139 has been marked as a duplicate of this bug. ***

The issue is caused by dhcdbd-3.0-daemon.patch which for some reason when moving the following line:
"if ((fd = open (DHCDBD_PID_FILE, O_WRONLY | O_CREAT, 0644)) == -1)"
drops the ", 0644".  It compiles fine without the daemon patch for me, and also if I add ", 0644" back into the daemon patch.

Magnus, your patch looks good other than "0644" is equivalent to "S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH", so you're dropping read access for group and other from the original code.  (Note: This may be preferred, I really haven't dug into what the code is doing I'm just noting that it's different than the unpatched code before the dhcdbd-3.0-daemon.patch.)

Comment 13 Magnus Granberg 2009-02-18 01:23:15 UTC

(In reply to comment #12)
> The issue is caused by dhcdbd-3.0-daemon.patch which for some reason when
> moving the following line:
> "if ((fd = open (DHCDBD_PID_FILE, O_WRONLY | O_CREAT, 0644)) == -1)"
> drops the ", 0644".  It compiles fine without the daemon patch for me, and also
> if I add ", 0644" back into the daemon patch.
> 
> Magnus, your patch looks good other than "0644" is equivalent to "S_IRUSR |
> S_IWUSR | S_IRGRP | S_IROTH", so you're dropping read access for group and
> other from the original code.  (Note: This may be preferred, I really haven't
> dug into what the code is doing I'm just noting that it's different than the
> unpatched code before the dhcdbd-3.0-daemon.patch.)
> 
We have uset that patch on the hardened overlay for gcc 4 with no error so far. But if we need read access for grup to so add it. The caode should be fixed upstream.

Comment 14 SpanKY 2009-02-24 07:23:52 UTC

Comment on attachment 181515 [details, diff]
fix_open_missing_mode

this change is clearly wrong

Comment 15 Rémi Cardona (RETIRED) 2009-02-24 19:53:37 UTC

Steev,

do you mind if I commit this? I just got bit by this on a fresh ~amd64 stage3.

Thanks

Comment 16 Robert Buchholz (RETIRED) 2009-02-25 20:55:38 UTC

committed, thanks for the patch.