[nginx] Fixed capabilities version.
Roman Arutyunyan
arut at nginx.com
Tue Dec 19 16:04:57 UTC 2017
details: http://hg.nginx.org/nginx/rev/7f28b61c92f0
branches:
changeset: 7176:7f28b61c92f0
user: Roman Arutyunyan <arut at nginx.com>
date: Tue Dec 19 19:00:27 2017 +0300
description:
Fixed capabilities version.
Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3. With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted. As a
result, random stack memory was accessed and random capabilities were requested
by the worker. This sometimes caused capset() errors. Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead. This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).
diffstat:
auto/os/linux | 2 +-
src/os/unix/ngx_process_cycle.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diffs (24 lines):
diff -r 56923e8e01a5 -r 7f28b61c92f0 auto/os/linux
--- a/auto/os/linux Mon Dec 18 21:09:39 2017 +0300
+++ b/auto/os/linux Tue Dec 19 19:00:27 2017 +0300
@@ -181,7 +181,7 @@ ngx_feature_libs=
ngx_feature_test="struct __user_cap_data_struct data;
struct __user_cap_header_struct header;
- header.version = _LINUX_CAPABILITY_VERSION_3;
+ header.version = _LINUX_CAPABILITY_VERSION_1;
data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = 0;
diff -r 56923e8e01a5 -r 7f28b61c92f0 src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c Mon Dec 18 21:09:39 2017 +0300
+++ b/src/os/unix/ngx_process_cycle.c Tue Dec 19 19:00:27 2017 +0300
@@ -865,7 +865,7 @@ ngx_worker_process_init(ngx_cycle_t *cyc
ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
- header.version = _LINUX_CAPABILITY_VERSION_3;
+ header.version = _LINUX_CAPABILITY_VERSION_1;
data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = data.effective;
More information about the nginx-devel
mailing list