Changeset 7176:7f28b61c92f0 in nginx


Timestamp:
12/19/17 16:00:27 (2 months ago)
Author:
Roman Arutyunyan <arut@…>
Branch:
default
Message:

Fixed capabilities version.

Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3. With this version the Linux kernel expected two
copies of struct user_cap_data_struct, while only one was submitted. As a
result, random stack memory was accessed and random capabilities were requested
by the worker. This sometimes caused capset() errors. Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead. This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).

Files:
2 edited

  • auto/os/linux

    r7175 r7176  
    182182                  struct __user_cap_header_struct  header;
    183183
    184                   header.version = _LINUX_CAPABILITY_VERSION_3;
     184                  header.version = _LINUX_CAPABILITY_VERSION_1;
    185185                  data.effective = CAP_TO_MASK(CAP_NET_RAW);
    186186                  data.permitted = 0;
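
Review bot: data.permitted = 0 on line 186 of this feature test does not match the worker code in src/os/unix/ngx_process_cycle.c, which sets data.permitted = data.effective, so the probe asks for an effective CAP_NET_RAW that is not in the permitted set, a request the worker never makes. Setting data.permitted = data.effective here as well would make the test exercise the same capset() call as the code it guards.
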
  • src/os/unix/ngx_process_cycle.c

    r7175 r7176  
    866866            ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
    867867
    868             header.version = _LINUX_CAPABILITY_VERSION_3;
     868            header.version = _LINUX_CAPABILITY_VERSION_1;
    869869            data.effective = CAP_TO_MASK(CAP_NET_RAW);
    870870            data.permitted = data.effective;
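
Review bot: The assignment at line 868 is safe only while data remains a single struct __user_cap_data_struct and every requested capability number is below 32, and nothing next to header.version records that constraint. A short comment there stating it, and noting that a return to _LINUX_CAPABILITY_VERSION_3 requires a zeroed two-element data array, would keep the stack over-read described in the commit message from being reintroduced when another capability is added.
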