Disable symlinks: don't allow creating or truncating a file via a symlink in
authorValentin Bartenev <vbart@nginx.com>
Tue, 21 Feb 2012 15:04:41 +0000 (15:04 +0000)
committerValentin Bartenev <vbart@nginx.com>
Tue, 21 Feb 2012 15:04:41 +0000 (15:04 +0000)
the last path component if "if_not_owner" parameter is used.

To prevent a race condition we have to open a file before checking its owner, and
there's no way to change the access flags of an already opened file descriptor, so
we disable symlinks for the last path component altogether if the flags allow creating
or truncating the file.

src/core/ngx_open_file_cache.c

index 9ce0308ce06ad391e4e7e6928811081124c5ea1d..7dd968f36a25ccea0dfd3e45ae1b3aeee36fc662 100644 (file)
@@ -678,7 +678,9 @@ ngx_open_file_wrapper(ngx_str_t *name, ngx_open_file_info_t *of,
         goto failed;
     }
 
-    if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) {
+    if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
+        && !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
+    {
         fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);
 
     } else {
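Review bot: The new condition on the `NGX_DISABLE_SYMLINKS_NOTOWNER` branch has no comment explaining why create/truncate opens skip `ngx_openat_file_owner()`, and the reason is only in the commit message. I would add above the `if`: `/* creating or truncating takes effect at open time, before the owner can be checked, so the last component is opened as if symlinks were disabled entirely */`. The `else` body lies outside this hunk, so confirm that it really refuses a symlink in the last component for these flags; otherwise this change would weaken the check rather than tighten it. The `disable_symlinks` documentation should probably also state that `if_not_owner` behaves like `on` for the final component when the file may be created or truncated.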