* Makerules (sysd-rules): Define PTW for ptw-* files.

* Versions: Define GLIBC_2.7 for libc.
	* include/stdio.h: Declare __fortify_fail.
	* debug/fortify_fail.c: New file.
	* debug/Makefile (routines): Add fortify_fail.
	* debug/chk_fail.c: Use __fortify_fail.
	* debug/stack_chk_fail.c: Likewise.
	* io/Versions: Export __open_2, __open64_2, __openat_2, and
	__openat64_2 for GLIBC_2.7.
	* io/fcntl.h: When compiling with fortification, include bits/fcntl2.h.
	* io/open.c: Define *_2 variant of function which checks for O_CREAT
	and fails if necessary.
	* io/open64.c: Likewise.
	* io/openat.c: Likewise.
	* io/openat64.c: Likewise.
	* sysdeps/unix/sysv/linux/open64.c: Likewise.
	* sysdeps/unix/sysv/linux/openat.c: Likewise.
	* sysdeps/unix/sysv/linux/openat64.c: Likewise.
	* io/bits/fcntl2.h: New file.
	* include/fcntl.h: Declare __open_2, __open64_2, __openat_2, and
	__openat64_2.
	* include/bits/fcntl2.h: New file.
	* sysdeps/unix/sysv/linux/Makefile [subdir=io] (sysdep_routines):
	Add open_2.
	* sysdeps/unix/sysv/linux/open_2.c: New file.

ChangeLog

@@ -1,3 +1,31 @@
+2007-05-24  Ulrich Drepper  <drepper@redhat.com>
+
+	* Makerules (sysd-rules): Define PTW for ptw-* files.
+	* Versions: Define GLIBC_2.7 for libc.
+	* include/stdio.h: Declare __fortify_fail.
+	* debug/fortify_fail.c: New file.
+	* debug/Makefile (routines): Add fortify_fail.
+	* debug/chk_fail.c: Use __fortify_fail.
+	* debug/stack_chk_fail.c: Likewise.
+	* io/Versions: Export __open_2, __open64_2, __openat_2, and
+	__openat64_2 for GLIBC_2.7.
+	* io/fcntl.h: When compiling with fortification, include bits/fcntl2.h.
+	* io/open.c: Define *_2 variant of function which checks for O_CREAT
+	and fails if necessary.
+	* io/open64.c: Likewise.
+	* io/openat.c: Likewise.
+	* io/openat64.c: Likewise.
+	* sysdeps/unix/sysv/linux/open64.c: Likewise.
+	* sysdeps/unix/sysv/linux/openat.c: Likewise.
+	* sysdeps/unix/sysv/linux/openat64.c: Likewise.
+	* io/bits/fcntl2.h: New file.
+	* include/fcntl.h: Declare __open_2, __open64_2, __openat_2, and
+	__openat64_2.
+	* include/bits/fcntl2.h: New file.
+	* sysdeps/unix/sysv/linux/Makefile [subdir=io] (sysdep_routines):
+	Add open_2.
+	* sysdeps/unix/sysv/linux/open_2.c: New file.
+
 2007-05-21  Ulrich Drepper  <drepper@redhat.com>
 
 	* sysdeps/x86_64/cacheinfo.c (init_cacheinfo): Pass correct value

Makerules

@@ -1,4 +1,4 @@
-# Copyright (C) 1991-2002,2003,2004,2005,2006 Free Software Foundation, Inc.
+# Copyright (C) 1991-2006, 2007 Free Software Foundation, Inc.
 # This file is part of the GNU C Library.
 
 # The GNU C Library is free software; you can redistribute it and/or
@@ -240,9 +240,9 @@ $(common-objpfx)sysd-rules: $(common-objpfx)config.make $(..)Makerules \
 	     echo "\$$(objpfx)rtld-%$$o: $$dir/%.s \$$(before-compile); \
 		  \$$(compile-command.s)";			              \
 	     echo "\$$(objpfx)ptw-%$$o: $$dir/%.S \$$(before-compile); \
-		  \$$(compile-command.S)";				      \
+		  \$$(compile-command.S) -DPTW";			      \
 	     echo "\$$(objpfx)ptw-%$$o: $$dir/%.s \$$(before-compile); \
-		  \$$(compile-command.s)";			              \
+		  \$$(compile-command.s) -DPTW";		              \
 	     echo "\$$(objpfx)m_%$$o: $$dir/s_%.S \$$(before-compile); \
 		  \$$(compile-command.S)";				      \
 	     echo "\$$(objpfx)m_%$$o: $$dir/s_%.s \$$(before-compile); \
@@ -253,7 +253,7 @@ $(common-objpfx)sysd-rules: $(common-objpfx)config.make $(..)Makerules \
 	     echo "\$$(objpfx)rtld-%$$o: $$dir/%.c \$$(before-compile); \
 		  \$$(compile-command.c)";				      \
 	     echo "\$$(objpfx)ptw-%$$o: $$dir/%.c \$$(before-compile); \
-		  \$$(compile-command.c)";				      \
+		  \$$(compile-command.c) -DPTW";			      \
 	     echo "\$$(objpfx)m_%$$o: $$dir/s_%.c \$$(before-compile); \
 		  \$$(compile-command.c)";				      \
 	   done; \

Versions.def

@@ -23,6 +23,7 @@ libc {
   GLIBC_2.4
   GLIBC_2.5
   GLIBC_2.6
+  GLIBC_2.7
 %ifdef USE_IN_LIBIO
   HURD_CTHREADS_0.3
 %endif

debug/Makefile

@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2001,2004,2005,2006 Free Software Foundation, Inc.
+# Copyright (C) 1998-2001,2004,2005,2006,2007 Free Software Foundation, Inc.
 # This file is part of the GNU C Library.
 
 # The GNU C Library is free software; you can redistribute it and/or
@@ -42,7 +42,7 @@ routines  = backtrace backtracesyms backtracesymsfd noophooks \
 	    gethostname_chk getdomainname_chk wcrtomb_chk mbsnrtowcs_chk \
 	    wcsnrtombs_chk mbsrtowcs_chk wcsrtombs_chk mbstowcs_chk \
 	    wcstombs_chk \
-	    stack_chk_fail \
+	    stack_chk_fail fortify_fail \
 	    $(static-only-routines)
 static-only-routines := warning-nop stack_chk_fail_local
 

debug/chk_fail.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -26,9 +26,6 @@ void
 __attribute__ ((noreturn))
 __chk_fail (void)
 {
-  /* The loop is added only to keep gcc happy.  */
-  while (1)
-    __libc_message (2, "*** buffer overflow detected ***: %s terminated\n",
-		    __libc_argv[0] ?: "<unknown>");
+  __fortify_fail ("buffer overflow detected");
 }
 libc_hidden_def (__chk_fail)

debug/fortify_fail.c

@@ -0,0 +1,34 @@
+/* Copyright (C) 2007 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+extern char **__libc_argv attribute_hidden;
+
+void
+__attribute__ ((noreturn))
+__fortify_fail (msg)
+     const char *msg;
+{
+  /* The loop is added only to keep gcc happy.  */
+  while (1)
+    __libc_message (2, "*** %s ***: %s terminated\n",
+		    msg, __libc_argv[0] ?: "<unknown>");
+}

debug/stack_chk_fail.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2005 Free Software Foundation, Inc.
+/* Copyright (C) 2005, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -26,8 +26,5 @@ void
 __attribute__ ((noreturn))
 __stack_chk_fail (void)
 {
-  /* The loop is added only to keep gcc happy.  */
-  while (1)
-    __libc_message (1, "*** stack smashing detected ***: %s terminated\n",
-		    __libc_argv[0] ?: "<unknown>");
+  __fortify_fail ("stack smashing detected");
 }

include/bits/fcntl2.h

@@ -0,0 +1 @@
+#include "../../io/bits/fcntl2.h"

include/fcntl.h

@@ -24,6 +24,11 @@ extern int __openat64 (int __fd, __const char *__file, int __oflag, ...)
   __nonnull ((2));
 libc_hidden_proto (__openat64)
 
+extern int __open_2 (__const char *__path, int __oflag);
+extern int __open64_2 (__const char *__path, int __oflag);
+extern int __openat_2 (int __fd, __const char *__path, int __oflag);
+extern int __openat64_2 (int __fd, __const char *__path, int __oflag);
+
 
 /* Helper functions for the various *at functions.  For Linux.  */
 extern void __atfct_seterrno (int errval, int fd, const char *buf)

include/stdio.h

@@ -65,6 +65,7 @@ extern int __gen_tempname (char *__tmpl, int __kind);
 extern void __libc_fatal (__const char *__message)
      __attribute__ ((__noreturn__));
 extern void __libc_message (int do_abort, __const char *__fnt, ...);
+extern void __fortify_fail (const char *msg) __attribute__ ((noreturn));
 
 /* Acquire ownership of STREAM.  */
 extern void __flockfile (FILE *__stream);

io/Versions

@@ -116,4 +116,7 @@ libc {
   GLIBC_2.6 {
     utimensat; futimens;
   }
+  GLIBC_2.7 {
+    __open_2; __open64_2; __openat_2; __openat64_2;
+  }
 }

io/bits/fcntl2.h

@@ -0,0 +1,155 @@
+/* Checking macros for fcntl functions.
+   Copyright (C) 2007 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#ifndef	_FCNTL_H
+# error "Never include <bits/fcntl2.h> directly; use <fcntl.h> instead."
+#endif
+
+/* Check that calls to open and openat with O_CREAT set have an
+   appropriate third/fourth parameter.  */
+#ifndef __USE_FILE_OFFSET64
+extern int __open_2 (__const char *__path, int __oflag);
+#else
+extern int __REDIRECT (__open_2, (__const char *__file, int __oflag),
+		       __open64_2) __nonnull ((1));
+#endif
+
+#define open(fname, flags, ...) \
+  ({ int ___r;								      \
+     /* If the compiler complains about an invalid type, excess elements, etc \
+	in the initialization this means a paraleter of the wrong type has    \
+	been passed to open. */					      \
+     int ___arr[] = { __VA_ARGS__ };					      \
+     if (__builtin_constant_p (flags) && (flags & O_CREAT) != 0)	      \
+       {								      \
+	 /* If the compile complains about the size of this array type the    \
+	    the mode parameter is missing since O_CREAT has been used.  */    \
+	 typedef int __open_missing_mode[(flags & O_CREAT) != 0		      \
+					 ? ((long int) sizeof (___arr)	      \
+					    - (long int) sizeof (int)) : 1];  \
+       }								      \
+     if (sizeof (___arr) == 0)						      \
+       ___r = __open_2 (fname, flags);					      \
+     else								      \
+       {								      \
+	 /* If the compile complains about the size of this array type too    \
+	    many parameters have been passed to open.  */		      \
+	 typedef int __open_too_many_args[-(sizeof (___arr) > sizeof (int))]; \
+	 ___r = open (fname, flags, ___arr[0]);				      \
+       }								      \
+     ___r;								      \
+  })
+
+
+#ifdef __USE_LARGEFILE64
+extern int __open64_2 (__const char *__path, int __oflag);
+
+# define open64(fname, flags, ...) \
+  ({ int ___r;								      \
+     /* If the compiler complains about an invalid type, excess elements, etc \
+	in the initialization this means a paraleter of the wrong type has    \
+	been passed to open64. */					      \
+     int ___arr[] = { __VA_ARGS__ };					      \
+     if (__builtin_constant_p (flags) && (flags & O_CREAT) != 0)	      \
+       {								      \
+	 /* If the compile complains about the size of this array type the    \
+	    the mode parameter is missing since O_CREAT has been used.  */    \
+	 typedef int __open_missing_mode[(flags & O_CREAT) != 0		      \
+					 ? ((long int) sizeof (___arr)	      \
+					    - (long int) sizeof (int)) : 1];  \
+       }								      \
+     if (sizeof (___arr) == 0)						      \
+       ___r = __open64_2 (fname, flags);				      \
+     else								      \
+       {								      \
+	 /* If the compile complains about the size of this array type too    \
+	    many parameters have been passed to open64.  */		      \
+	 typedef int __open_too_many_args[-(sizeof (___arr) > sizeof (int))]; \
+	 ___r = open64 (fname, flags, ___arr[0]);			      \
+       }								      \
+     ___r;								      \
+  })
+#endif
+
+#ifdef __USE_ATFILE
+# ifndef __USE_FILE_OFFSET64
+extern int __openat_2 (int __fd, __const char *__path, int __oflag);
+# else
+extern int __REDIRECT (__openat_2, (int __fd, __const char *__file,
+				    int __oflag), __openat64_2)
+     __nonnull ((1));
+# endif
+
+# define openat(fd, fname, flags, ...) \
+  ({ int ___r;								      \
+     /* If the compiler complains about an invalid type, excess elements, etc \
+	in the initialization this means a paraleter of the wrong type has    \
+	been passed to openat. */					      \
+     int ___arr[] = { __VA_ARGS__ };					      \
+     if (__builtin_constant_p (flags) && (flags & O_CREAT) != 0)	      \
+       {								      \
+	 /* If the compile complains about the size of this array type the    \
+	    the mode parameter is missing since O_CREAT has been used.  */    \
+	 typedef int __open_missing_mode[(flags & O_CREAT) != 0		      \
+					 ? ((long int) sizeof (___arr)	      \
+					    - (long int) sizeof (int)) : 1];  \
+       }								      \
+     if (sizeof (___arr) == 0)						      \
+       ___r = __openat_2 (fd, fname, flags);				      \
+     else								      \
+       {								      \
+	 /* If the compile complains about the size of this array type too    \
+	    many parameters have been passed to openat.  */		      \
+	 typedef int __open_too_many_args[-(sizeof (___arr) > sizeof (int))]; \
+	 ___r = openat (fd, fname, flags, ___arr[0]);			      \
+       }								      \
+     ___r;								      \
+  })
+
+
+# ifdef __USE_LARGEFILE64
+extern int __openat64_2 (int __fd, __const char *__path, int __oflag);
+
+#  define openat64(fd, fname, flags, ...) \
+  ({ int ___r;								      \
+     /* If the compiler complains about an invalid type, excess elements, etc \
+	in the initialization this means a paraleter of the wrong type has    \
+	been passed to openat64. */					      \
+     int ___arr[] = { __VA_ARGS__ };					      \
+     if (__builtin_constant_p (flags) && (flags & O_CREAT) != 0)	      \
+       {								      \
+	 /* If the compile complains about the size of this array type the    \
+	    the mode parameter is missing since O_CREAT has been used.  */    \
+	 typedef int __open_missing_mode[(flags & O_CREAT) != 0		      \
+					 ? ((long int) sizeof (___arr)	      \
+					    - (long int) sizeof (int)) : 1];  \
+       }								      \
+     if (sizeof (___arr) == 0)						      \
+       ___r = __openat64_2 (fd, fname, flags);				      \
+     else								      \
+       {								      \
+	 /* If the compile complains about the size of this array type too    \
+	    many parameters have been passed to openat.  */		      \
+	 typedef int __open_too_many_args[-(sizeof (___arr) > sizeof (int))]; \
+	 ___r = openat64 (fd, fname, flags, ___arr[0]);			      \
+       }								      \
+     ___r;								      \
+  })
+# endif
+#endif

io/fcntl.h

@@ -1,4 +1,4 @@
-/* Copyright (C) 1991,1992,1994-2001,2003,2004,2005,2006
+/* Copyright (C) 1991,1992,1994-2001,2003,2004,2005,2006,2007
 	Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
@@ -210,6 +210,12 @@ extern int posix_fallocate64 (int __fd, __off64_t __offset, __off64_t __len);
 # endif
 #endif
 
+
+/* Define some macros helping to catch common problems.  */
+#if __USE_FORTIFY_LEVEL > 0 && !defined __cplusplus
+# include <bits/fcntl2.h>
+#endif
+
 __END_DECLS
 
 #endif /* fcntl.h  */

io/open.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1995, 1996, 1997, 2002 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1995,1996,1997,2002,2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -20,6 +20,9 @@
 #include <fcntl.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <stdio.h>
+
+extern char **__libc_argv attribute_hidden;
 
 /* Open FILE with access OFLAG.  If OFLAG includes O_CREAT,
    a third argument is the file protection.  */
@@ -51,4 +54,18 @@ libc_hidden_def (__open)
 stub_warning (open)
 
 weak_alias (__open, open)
+
+
+int
+__open_2 (file, oflag)
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+    __fortify_fail ("invalid open call: O_CREAT without mode");
+
+  return __open (file, oflag);
+}
+stub_warning (__open_2)
+
 #include <stub-tag.h>

io/open64.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1995, 1996, 1997, 1999, 2000, 2002
+/* Copyright (C) 1991, 1995, 1996, 1997, 1999, 2000, 2002, 2007
    Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
@@ -21,7 +21,7 @@
 #include <fcntl.h>
 #include <stdarg.h>
 #include <stddef.h>
-#include <bp-sym.h>
+#include <stdio.h>
 
 /* Open FILE with access OFLAG.  If OFLAG includes O_CREAT,
    a third argument is the file protection.  */
@@ -51,7 +51,21 @@ __libc_open64 (file, oflag)
 }
 strong_alias (__libc_open64, __open64)
 libc_hidden_def (__open64)
-weak_alias (__libc_open64, BP_SYM (open64))
+weak_alias (__libc_open64, open64)
 
 stub_warning (open64)
+
+
+int
+__open64_2 (file, oflag)
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+    __fortify_fail ("invalid open64 call: O_CREAT without mode");
+
+  return __open64 (file, oflag);
+}
+stub_warning (__open64_2)
+
 #include <stub-tag.h>

io/openat.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -20,6 +20,7 @@
 #include <fcntl.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <stdio.h>
 #include <sys/stat.h>
 
 /* Open FILE with access OFLAG.  Interpret relative paths relative to
@@ -68,4 +69,18 @@ libc_hidden_def (__openat)
 weak_alias (__openat, openat)
 stub_warning (openat)
 
+
+int
+__openat_2 (fd, file, oflag)
+     int fd;
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+    __fortify_fail ("invalid openat call: O_CREAT without mode");
+
+  return __openat (file, oflag);
+}
+stub_warning (__openat_2)
+
 #include <stub-tag.h>

io/openat64.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -20,6 +20,7 @@
 #include <fcntl.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <stdio.h>
 #include <sys/stat.h>
 
 /* Open FILE with access OFLAG.  Interpret relative paths relative to
@@ -68,4 +69,18 @@ libc_hidden_def (__openat64)
 weak_alias (__openat64, openat64)
 stub_warning (openat64)
 
+
+int
+__openat64_2 (fd, file, oflag)
+     int fd;
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+    __fortify_fail ("invalid openat64 call: O_CREAT without mode");
+
+  return __openat64 (file, oflag);
+}
+stub_warning (__openat_2)
+
 #include <stub-tag.h>

sysdeps/unix/sysv/linux/Makefile

@@ -137,7 +137,7 @@ endif
 
 ifeq ($(subdir),io)
 sysdep_routines += xstatconv internal_statvfs internal_statvfs64 \
-		   sync_file_range
+		   sync_file_range open_2
 endif
 
 ifeq ($(subdir),elf)

sysdeps/unix/sysv/linux/open64.c

@@ -1,4 +1,5 @@
-/* Copyright (C) 1991,1995-1997,1999,2000,2002 Free Software Foundation, Inc.
+/* Copyright (C) 1991,1995-1997,1999,2000,2002,2007
+   Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -19,7 +20,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <stdarg.h>
-#include <bp-sym.h>
+#include <stdio.h>
 #include <sysdep-cancel.h>
 
 /* Open FILE with access OFLAG.  If OFLAG includes O_CREAT,
@@ -48,6 +49,20 @@ __libc_open64 (const char *file, int oflag, ...)
 
   return result;
 }
-weak_alias (__libc_open64, BP_SYM (__open64))
-libc_hidden_weak (BP_SYM (__open64))
-weak_alias (__libc_open64, BP_SYM (open64))
+weak_alias (__libc_open64, __open64)
+libc_hidden_weak (__open64)
+weak_alias (__libc_open64, open64)
+
+
+#ifndef PTW
+int
+__open64_2 (file, oflag)
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+    __fortify_fail ("invalid open64 call: O_CREAT without mode");
+
+  return __open64 (file, oflag);
+}
+#endif

sysdeps/unix/sysv/linux/open_2.c

@@ -0,0 +1,32 @@
+/* Copyright (C) 2007 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, write to the Free
+   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+   02111-1307 USA.  */
+
+#include <fcntl.h>
+#include <stdio.h>
+
+
+int
+__open_2 (file, oflag)
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+    __fortify_fail ("invalid open call: O_CREAT without mode");
+
+  return __open (file, oflag);
+}

sysdeps/unix/sysv/linux/openat.c

@@ -1,4 +1,4 @@
-/* Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+/* Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -30,6 +30,7 @@
 
 #ifndef OPENAT
 # define OPENAT openat
+# define __OPENAT_2 __openat_2
 
 # ifndef __ASSUME_ATFCTS
 /* Set errno after a failed call.  If BUF is not null,
@@ -173,3 +174,18 @@ __OPENAT (fd, file, oflag)
 }
 libc_hidden_def (__OPENAT)
 weak_alias (__OPENAT, OPENAT)
+
+
+int
+__OPENAT_2 (fd, file, oflag)
+     int fd;
+     const char *file;
+     int oflag;
+{
+  if (oflag & O_CREAT)
+#define MSG(s) MSG2 (s)
+#define MSG2(s) "invalid " #s " call: O_CREAT without mode"
+    __fortify_fail (MSG (OPENAT));
+
+  return __OPENAT (fd, file, oflag);
+}

sysdeps/unix/sysv/linux/openat64.c

@@ -1,4 +1,5 @@
 #define OPENAT openat64
+#define __OPENAT_2 __openat64_2
 #define MORE_OFLAGS O_LARGEFILE
 
 #include "openat.c"