Welcome! Log In Create A New Profile

Advanced

[nginx] svn commit: r4488 - trunk/src/core

Anonymous User
February 21, 2012 10:06AM
Author: vbart
Date: 2012-02-21 15:04:41 +0000 (Tue, 21 Feb 2012)
New Revision: 4488

Modified:
trunk/src/core/ngx_open_file_cache.c
Log:
Disable symlinks: don't allow creating or truncating files if "if_not_owner"
parameter is used.

To prevent race condition we have to open a file before checking its owner and
there's no way to change access flags for already opened file descriptor, so
we disable symlinks for the last path component at all if flags allow creating
or truncating the file.


Modified: trunk/src/core/ngx_open_file_cache.c
===================================================================
--- trunk/src/core/ngx_open_file_cache.c 2012-02-21 15:01:25 UTC (rev 4487)
+++ trunk/src/core/ngx_open_file_cache.c 2012-02-21 15:04:41 UTC (rev 4488)
@@ -678,7 +678,9 @@
goto failed;
}

- if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) {
+ if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
+ && !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
+ {
fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);

} else {

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] svn commit: r4488 - trunk/src/core

Anonymous User 1533 February 21, 2012 10:06AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 259
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready