IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-01-08 23:23:02 -06:00
Code Issues Packages Projects Releases Wiki Activity

Disable symlinks: don't allow creating or truncating a file via a symlink in

Browse Source 
the last path component if "if_not_owner" parameter is used.

To prevent race condition we have to open a file before checking its owner and
there's no way to change access flags for already opened file descriptor, so
we disable symlinks for the last path component at all if flags allow creating
or truncating the file.
This commit is contained in:
Valentin Bartenev 2012-02-21 15:04:41 +00:00
parent 8c27e6429a
commit 15b3173c5e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/ngx_open_file_cache.c
View File

@ -678,7 +678,9 @@ ngx_open_file_wrapper(ngx_str_t *name, ngx_open_file_info_t *of,
goto failed;
}
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) {
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
&& !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
{
fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);
} else {