Welcome! Log In Create A New Profile

Advanced

[nginx] svn commit: r4488 - trunk/src/core

Previous Message Next Message
Forum List Message List New Topic Print View
Anonymous User
February 21, 2012 10:06AM
Author: vbart
Date: 2012-02-21 15:04:41 +0000 (Tue, 21 Feb 2012)
New Revision: 4488

Modified:
trunk/src/core/ngx_open_file_cache.c
Log:
Disable symlinks: don't allow creating or truncating files if "if_not_owner"
parameter is used.

To prevent race condition we have to open a file before checking its owner and
there's no way to change access flags for already opened file descriptor, so
we disable symlinks for the last path component at all if flags allow creating
or truncating the file.


Modified: trunk/src/core/ngx_open_file_cache.c
===================================================================
--- trunk/src/core/ngx_open_file_cache.c 2012-02-21 15:01:25 UTC (rev 4487)
+++ trunk/src/core/ngx_open_file_cache.c 2012-02-21 15:04:41 UTC (rev 4488)
@@ -678,7 +678,9 @@
goto failed;
}

- if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) {
+ if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
+ && !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
+ {
fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);

} else {

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] svn commit: r4488 - trunk/src/core

Anonymous User 1461 February 21, 2012 10:06AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 317
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready