#2214 closed defect (invalid)

The NGX_CHANGEBIN_SIGNAL-induced restart does not preserve the original environment variables

Reported by: Aristarkh Zagorodnikov Owned by:
Priority: minor Milestone:
Component: nginx-core Version:
Keywords: Cc:
uname -a: Linux rainbow1-21 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.21.1
built by gcc 9.3.0 (Ubuntu 9.3.0-10ubuntu2)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.21.1/debian/debuild-base/nginx-1.21.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Description

Hi,

The NGX_CHANGEBIN_SIGNAL (SIGUSR2) currently does not preserve the externally-set environment when restarting the master process. For example, consider the LD_PRELOAD environment variable that is set in the systemd override configuration file. When NGX_CHANGEBIN_SIGNAL is set to nginx master process, it does not start the new process with the environment variable LD_PRELOAD set. Adding this variable to NGINX configuration via the env directive doesn't help, because it properly affects the dynamic linking for the child processes.
I believe that the NGX_CHANGEBIN_SIGNAL handler should preserve the environment when launching a new master process because if it is not preserved, different shared libraries could silently be loaded after a binary upgrade.

Thanks for taking a look.

Change History (2)

comment:1 by Maxim Dounin, 23 months ago

Adding this variable to NGINX configuration via the env directive doesn't help, because it properly affects the dynamic linking for the child processes.

Could you please elaborate a bit more on why the env directive does not work for you?

Note that the env directive is explicitly documented to control, among others, the environment variables "inherited during a live upgrade of an executable file", that is, exactly the behaviour you observe.

comment:2 by Maxim Dounin, 23 months ago

Resolution: invalid
Status: newclosed

Feedback timeout.

Note: See TracTickets for help on using tickets.