Mercurial > hg > nginx
comparison src/core/ngx_core.h @ 4477:7033faf6dc3c
Added disable_symlinks directive.
To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.
To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().
As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not. Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).
Default value is off, i.e. symlinks are allowed.
author | Andrey Belov <defan@nginx.com> |
---|---|
date | Mon, 13 Feb 2012 16:29:04 +0000 |
parents | d620f497c50f |
children | 386a06a22c40 |
comparison
equal
deleted
inserted
replaced
4476:94ef9d25ec5b | 4477:7033faf6dc3c |
---|---|
89 #define ngx_max(val1, val2) ((val1 < val2) ? (val2) : (val1)) | 89 #define ngx_max(val1, val2) ((val1 < val2) ? (val2) : (val1)) |
90 #define ngx_min(val1, val2) ((val1 > val2) ? (val2) : (val1)) | 90 #define ngx_min(val1, val2) ((val1 > val2) ? (val2) : (val1)) |
91 | 91 |
92 void ngx_cpuinfo(void); | 92 void ngx_cpuinfo(void); |
93 | 93 |
94 #if (NGX_HAVE_OPENAT) | |
95 #define NGX_DISABLE_SYMLINKS_OFF 0 | |
96 #define NGX_DISABLE_SYMLINKS_ON 1 | |
97 #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 | |
98 #endif | |
94 | 99 |
95 #endif /* _NGX_CORE_H_INCLUDED_ */ | 100 #endif /* _NGX_CORE_H_INCLUDED_ */ |