ngx_execute_proc

Ricardo Iramar dos Santos riramar at gmail.com
Sun Aug 23 18:38:33 UTC 2015 

Hi Tolga, thanks a lot for your replay! :)

Searching on the source code I found that ngx_execute_proc() has been
declared and invoked inside src/os/unix/ngx_process.c.

ricardo at matrix:~/Documents/nginx-1.9.3$ grep -ri ngx_execute_proc *
Binary file objs/src/os/unix/ngx_process.o matches
Binary file objs/nginx matches
src/os/unix/ngx_process.c:static void ngx_execute_proc(ngx_cycle_t
*cycle, void *data);
src/os/unix/ngx_process.c:    return ngx_spawn_process(cycle,
ngx_execute_proc, ctx, ctx->name,
src/os/unix/ngx_process.c:ngx_execute_proc(ngx_cycle_t *cycle, void *data)

The function ngx_execute_proc() is really small, take a look:

static void
ngx_execute_proc(ngx_cycle_t *cycle, void *data)
{
    ngx_exec_ctx_t  *ctx = data;

    if (execve(ctx->path, ctx->argv, ctx->envp) == -1) {
        ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
                      "execve() failed while executing %s \"%s\"",
                      ctx->name, ctx->path);
    }

    exit(1);
}

And this is the function which maybe ngx_execute_proc() is invoked.

ngx_pid_t
ngx_execute(ngx_cycle_t *cycle, ngx_exec_ctx_t *ctx)
{
    return ngx_spawn_process(cycle, ngx_execute_proc, ctx, ctx->name,
                             NGX_PROCESS_DETACHED);
}

I didn't get yet where in the code of upgrading process touch the
functions above.
I didn't find in ngx_exec_new_binary() (/src/core/nginx.c) invoking
ngx_execute_proc() directly.
I'm trying to find a "command injection" vulnerabilities so I need to
trace the parameters "ctx->path, ctx->argv and ctx->envp" and where
the users input some data on them.

Thanks!
Ricardo Iramar

On Sat, Aug 22, 2015 at 7:56 PM, Tolga Ceylan <tolga.ceylan at gmail.com> wrote:
> On Sat, Aug 22, 2015 at 8:38 AM, Ricardo Iramar dos Santos
> <riramar at gmail.com> wrote:
>> Hi All,
>>
>> This is my first post so take easy on me. :)
>> I'm doing a security research about HTTP(S) web servers and I'm trying
>> to understand a little bit of nginx source code.
>> In my research I need to understand how the function ngx_execute_proc
>> works and in which use cases this function is invoked.
>> I tried to read the source code to understand but I'm not familiar
>> with nginx source code and there's no much comments on it.
>> I tried to find a specific material about the source code using google
>> or the resource pages but I couldn't find.
>> Is there any material that I can read and get a better understand of
>> how ngx_execute_proc works and in which use cases this function is
>> invoked?
>>
>> Thanks in advanced!
>> Ricardo Iramar
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
> AFAIK, ngx_execute_proc usage is limited to new binary swap (upgrading
> nginx binary.)
>
> See ngx_exec_new_binary() which will eventually invoke
> ngx_execute_proc() which is a
> wrapper over execve.
>
> For more info:
>
> http://wiki.nginx.org/CommandLine#Upgrading_To_a_New_Binary_On_The_Fly
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

More information about the nginx-devel mailing list