Klaus Demo nginx / ce45ded
Fixed capabilities version.

Previously, capset(2) was called with the 64-bit capabilities version _LINUX_CAPABILITY_VERSION_3. With this version the Linux kernel expected two copies of struct __user_cap_data_struct, while only one was submitted. As a result, random stack memory was accessed and random capabilities were requested by the worker. This sometimes caused capset() errors.

Now the 32-bit version _LINUX_CAPABILITY_VERSION_1 is used instead. This is OK since CAP_NET_RAW is a 32-bit capability (CAP_NET_RAW = 13).

Roman Arutyunyan, 4 years ago
2 changed file(s) with 2 addition(s) and 2 deletion(s).
180180 ngx_feature_test="struct __user_cap_data_struct data;
181181 struct __user_cap_header_struct header;
182182
183 header.version = _LINUX_CAPABILITY_VERSION_3;
183 header.version = _LINUX_CAPABILITY_VERSION_1;
184184 data.effective = CAP_TO_MASK(CAP_NET_RAW);
185185 data.permitted = 0;
186186
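Review bot: at `data.permitted = 0` the feature test requests CAP_NET_RAW in the effective set while leaving the permitted set empty, so it does not mirror the runtime call, which sets `data.permitted = data.effective`. That is harmless only as long as this snippet is compiled and never executed. Suggest setting `data.permitted = data.effective` here too, so the probe and the worker code stay in step, and adding a one-line comment that `_LINUX_CAPABILITY_VERSION_1` is paired with a single `struct __user_cap_data_struct`.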
864864 ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
865865 ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
866866
867 header.version = _LINUX_CAPABILITY_VERSION_3;
867 header.version = _LINUX_CAPABILITY_VERSION_1;
868868 data.effective = CAP_TO_MASK(CAP_NET_RAW);
869869 data.permitted = data.effective;
870870
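Review bot: the constraint that makes `_LINUX_CAPABILITY_VERSION_1` correct is not recorded next to `header.version`. It holds only while `data` is a single `struct __user_cap_data_struct` and every requested capability is numbered below 32. A capability numbered 32 or higher added to `data.effective` later would need the version 3 header with a two-element data array, which is exactly the mismatch the commit message describes. Suggest a short comment above the assignment stating this, so the header version and the size of `data` are changed together.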