From bd1e719bf9c4bc58076e7b52e87be645c9b803f5 Mon Sep 17 00:00:00 2001 From: Andrey Belov Date: Mon, 13 Feb 2012 16:29:04 +0000 Subject: Added disable_symlinks directive. To completely disable symlinks (disable_symlinks on) we use openat(O_NOFOLLOW) for each path component to avoid races. To allow symlinks with the same owner (disable_symlinks if_not_owner), use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW), and then compare uids between fstat() and fstatat(). As there is a race between openat() and fstatat() we don't know if openat() in fact opened symlink or not. Therefore, we have to compare uids even if fstatat() reports the opened component isn't a symlink (as we don't know whether it was symlink during openat() or not). Default value is off, i.e. symlinks are allowed. --- src/core/ngx_core.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/core/ngx_core.h') diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h index 1ae55163d..435ce64e7 100644 --- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -91,5 +91,10 @@ typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c); void ngx_cpuinfo(void); +#if (NGX_HAVE_OPENAT) +#define NGX_DISABLE_SYMLINKS_OFF 0 +#define NGX_DISABLE_SYMLINKS_ON 1 +#define NGX_DISABLE_SYMLINKS_NOTOWNER 2 +#endif #endif /* _NGX_CORE_H_INCLUDED_ */ -- cgit