git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 0e92c21) | patch

author	Roman Arutyunyan <arut@nginx.com>
	Tue, 19 Dec 2017 16:00:27 +0000 (19:00 +0300)
committer	Roman Arutyunyan <arut@nginx.com>
	Tue, 19 Dec 2017 16:00:27 +0000 (19:00 +0300)
commit	ce45ded2a8c1b0c0e601779bcc3e54668a14e271
tree	b800a8b63114b8ed561e3044f37cf8542c804954	tree \| snapshot
parent	0e92c213f51bae95605c19dfee843902e7c8a0ad	commit \| diff

Fixed capabilities version.

Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).

auto/os/linux		diff \| blob \| history
src/os/unix/ngx_process_cycle.c		diff \| blob \| history

nginx upstream