changeset 7176:7f28b61c92f0

Fixed capabilities version. Previously, capset(2) was called with the 64-bit capabilities version _LINUX_CAPABILITY_VERSION_3. With this version, the Linux kernel expected two copies of struct __user_cap_data_struct, while only one was submitted. As a result, random stack memory was accessed and random capabilities were requested by the worker. This sometimes caused capset() errors. Now the 32-bit version _LINUX_CAPABILITY_VERSION_1 is used instead. This is OK since CAP_NET_RAW is a 32-bit capability (CAP_NET_RAW = 13).
author Roman Arutyunyan <arut@nginx.com>
date Tue, 19 Dec 2017 19:00:27 +0300
parents 56923e8e01a5
children d91a8c4ac6bb
files auto/os/linux src/os/unix/ngx_process_cycle.c
diffstat 2 files changed, 2 insertions(+), 2 deletions(-) [+]
--- a/auto/os/linux
+++ b/auto/os/linux
@@ -181,7 +181,7 @@ ngx_feature_libs=
 ngx_feature_test="struct __user_cap_data_struct    data;
                   struct __user_cap_header_struct  header;
 
-                  header.version = _LINUX_CAPABILITY_VERSION_3;
+                  header.version = _LINUX_CAPABILITY_VERSION_1;
                   data.effective = CAP_TO_MASK(CAP_NET_RAW);
                   data.permitted = 0;
 
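Review bot: Nothing at `header.version = _LINUX_CAPABILITY_VERSION_1;` here, or at the same assignment in the ngx_process_cycle.c hunk, records that the version constant has to agree with the number of `struct __user_cap_data_struct` elements declared beside it, which is the mismatch the commit message describes. In ngx_worker_process_init() a comment above the assignment would keep a later version bump from reintroducing the kernel's read past the single struct, for example `/* VERSION_1: capset() reads one __user_cap_data_struct; VERSION_2/3 read two */`. The same comment could note that `CAP_TO_MASK()` keeps only the low five bits of the capability number, so a capability numbered 32 or higher cannot be expressed with this one-struct form and would need `data[2]` with the newer version. Both the feature test and the function body continue outside the hunks shown.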
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -865,7 +865,7 @@ ngx_worker_process_init(ngx_cycle_t *cyc
             ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
             ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
 
-            header.version = _LINUX_CAPABILITY_VERSION_3;
+            header.version = _LINUX_CAPABILITY_VERSION_1;
             data.effective = CAP_TO_MASK(CAP_NET_RAW);
             data.permitted = data.effective;