author Andrew Clayton <a.clayton@nginx.com> 2023-03-16 21:35:01 +0000
committer Andrew Clayton <a.clayton@nginx.com> 2023-03-17 04:28:46 +0000
commit c18dd1f65b9eba988bb621a4b540fb6c7bda36c8
tree 9eaab2789f526faad02bf883f67965967fcc70b8
parent 7d0ceb82c71b9fc2c2884d2eeaba87fb546ef92b
Default PR_SET_NO_NEW_PRIVS to off.

This prctl(2) option was enabled in commit 0277d8f1 ("Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.") and this was being set by default.

This prctl(2) when enabled renders (amongst other things) the set-UID and set-GID bits on executables ineffective after an execve(2).

This causes an issue for applications that want to execute the sendmail(8) binary, this includes the PHP mail() function, which is usually set-GID.

After some internal discussion it was decided to disable this option by default.

Closes: <https://github.com/nginx/unit/issues/852>
Fixes: 0277d8f1 ("Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.")
Fixes: e2b53e16 ("Added "rootfs" feature.")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

-rw-r--r-- src/nxt_isolation.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/nxt_isolation.c b/src/nxt_isolation.c
index 614d6bb5..cfa494a8 100644
--- a/src/nxt_isolation.c
+++ b/src/nxt_isolation.c
@@ -80,6 +80,10 @@ nxt_isolation_main_prefork(nxt_task_t *task, nxt_process_t *process,
app_conf = process->data.app;
cap_setid = rt->capabilities.setid;
+#if (NXT_HAVE_PR_SET_NO_NEW_PRIVS)
+ process->isolation.new_privs = 1;
+#endif
+
if (app_conf->isolation != NULL) {
ret = nxt_isolation_set(task, app_conf->isolation, process);
if (nxt_slow_path(ret != NXT_OK)) {
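Review bot: the added `process->isolation.new_privs = 1;` reads with the opposite sense to the `NXT_HAVE_PR_SET_NO_NEW_PRIVS` guard around it: 1 here means new privileges are allowed, so the prctl is left unset, and nothing at the assignment says so. A one-line comment stating that this is the default and that it keeps set-UID/set-GID binaries effective after execve(2) would stop a later reader from "fixing" it back. Because the default now applies to every application process, not only those that exec sendmail(8), the change is also a loosening of the out-of-the-box hardening and should be called out in the changelog and isolation documentation so operators who do not need set-GID helpers know to turn the restriction back on. Placing the assignment before the `app_conf->isolation != NULL` block is the right order, since it lets `nxt_isolation_set()` override the default; it is worth confirming in that function that an explicit setting still clears the field, and that an application with no isolation object at all ends up with the intended value.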