mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed capabilities version.

Browse Source 
Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).
This commit is contained in:
Roman Arutyunyan 2017-12-19 19:00:27 +03:00
parent 0e92c213f5
commit ce45ded2a8
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
auto/os/linux
View File

@ -181,7 +181,7 @@ ngx_feature_libs=
ngx_feature_test="struct __user_cap_data_struct data; ngx_feature_test="struct __user_cap_data_struct data;
struct __user_cap_header_struct header; struct __user_cap_header_struct header;
header.version = _LINUX_CAPABILITY_VERSION_3; header.version = _LINUX_CAPABILITY_VERSION_1;
data.effective = CAP_TO_MASK(CAP_NET_RAW); data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = 0; data.permitted = 0;

2
src/os/unix/ngx_process_cycle.c
View File

@ -865,7 +865,7 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
ngx_memzero(&header, sizeof(struct __user_cap_header_struct)); ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
ngx_memzero(&data, sizeof(struct __user_cap_data_struct)); ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
header.version = _LINUX_CAPABILITY_VERSION_3; header.version = _LINUX_CAPABILITY_VERSION_1;
data.effective = CAP_TO_MASK(CAP_NET_RAW); data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = data.effective; data.permitted = data.effective;