Ricardo Iramar dos Santos riramar at
Sun Aug 23 18:38:33 UTC 2015

Hi Tolga, thanks a lot for your replay! :)

Searching on the source code I found that ngx_execute_proc() has been
declared and invoked inside src/os/unix/ngx_process.c.

ricardo at matrix:~/Documents/nginx-1.9.3$ grep -ri ngx_execute_proc *
Binary file objs/src/os/unix/ngx_process.o matches
Binary file objs/nginx matches
src/os/unix/ngx_process.c:static void ngx_execute_proc(ngx_cycle_t
*cycle, void *data);
src/os/unix/ngx_process.c:    return ngx_spawn_process(cycle,
ngx_execute_proc, ctx, ctx->name,
src/os/unix/ngx_process.c:ngx_execute_proc(ngx_cycle_t *cycle, void *data)

The function ngx_execute_proc() is really small, take a look:

static void
ngx_execute_proc(ngx_cycle_t *cycle, void *data)
    ngx_exec_ctx_t  *ctx = data;

    if (execve(ctx->path, ctx->argv, ctx->envp) == -1) {
        ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
                      "execve() failed while executing %s \"%s\"",
                      ctx->name, ctx->path);


And this is the function which maybe ngx_execute_proc() is invoked.

ngx_execute(ngx_cycle_t *cycle, ngx_exec_ctx_t *ctx)
    return ngx_spawn_process(cycle, ngx_execute_proc, ctx, ctx->name,

I didn't get yet where in the code of upgrading process touch the
functions above.
I didn't find in ngx_exec_new_binary() (/src/core/nginx.c) invoking
ngx_execute_proc() directly.
I'm trying to find a "command injection" vulnerabilities so I need to
trace the parameters "ctx->path, ctx->argv and ctx->envp" and where
the users input some data on them.

Ricardo Iramar

On Sat, Aug 22, 2015 at 7:56 PM, Tolga Ceylan <tolga.ceylan at> wrote:
> On Sat, Aug 22, 2015 at 8:38 AM, Ricardo Iramar dos Santos
> <riramar at> wrote:
>> Hi All,
>> This is my first post so take easy on me. :)
>> I'm doing a security research about HTTP(S) web servers and I'm trying
>> to understand a little bit of nginx source code.
>> In my research I need to understand how the function ngx_execute_proc
>> works and in which use cases this function is invoked.
>> I tried to read the source code to understand but I'm not familiar
>> with nginx source code and there's no much comments on it.
>> I tried to find a specific material about the source code using google
>> or the resource pages but I couldn't find.
>> Is there any material that I can read and get a better understand of
>> how ngx_execute_proc works and in which use cases this function is
>> invoked?
>> Thanks in advanced!
>> Ricardo Iramar
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at
> AFAIK, ngx_execute_proc usage is limited to new binary swap (upgrading
> nginx binary.)
> See ngx_exec_new_binary() which will eventually invoke
> ngx_execute_proc() which is a
> wrapper over execve.
> For more info:
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at

More information about the nginx-devel mailing list