author Andrew Clayton <a.clayton@nginx.com> 2023-03-16 21:35:01 +0000
committer Andrew Clayton <a.clayton@nginx.com> 2023-03-17 04:28:46 +0000
commit c18dd1f65b9eba988bb621a4b540fb6c7bda36c8
tree 9eaab2789f526faad02bf883f67965967fcc70b8 /src/nxt_controller.c
parent 7d0ceb82c71b9fc2c2884d2eeaba87fb546ef92b
Default PR_SET_NO_NEW_PRIVS to off.

This prctl(2) option was enabled in commit 0277d8f1 ("Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.") and this was being set by default.

This prctl(2) when enabled renders (amongst other things) the set-UID and set-GID bits on executables ineffective after an execve(2).

This causes an issue for applications that want to execute the sendmail(8) binary, this includes the PHP mail() function, which is usually set-GID.

After some internal discussion it was decided to disable this option by default.

Closes: <https://github.com/nginx/unit/issues/852>
Fixes: 0277d8f1 ("Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.")
Fixes: e2b53e16 ("Added "rootfs" feature.")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

Diffstat (limited to 'src/nxt_controller.c')
0 files changed, 0 insertions, 0 deletions
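
The attribute the commit message describes can be inspected on any Linux host. The C program below is an added example, not code from Unit or from this commit; the function names `nnp_from_proc` and `nnp_probe` are made up for illustration. It sets `PR_SET_NO_NEW_PRIVS` in a child process, then confirms that the attribute cannot be cleared and is inherited by a further child, which is why any program an application later executes, such as sendmail(8), runs under it.

```c
/* Added example (Linux only): probe no_new_privs semantics in a child process. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* NoNewPrivs field of /proc/self/status (Linux 4.10+); -1 if not available. */
int nnp_from_proc(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int v = -1;
    if (f == NULL) return -1;
    while (fgets(line, sizeof(line), f) != NULL)
        if (sscanf(line, "NoNewPrivs: %d", &v) == 1) break;
    fclose(f);
    return v;
}

/* Probe in a child so the caller's own flag is untouched.
 * Bitmask result: 1 = flag set, 2 = clearing refused, 4 = inherited by fork. */
int nnp_probe(void) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int r = 0, st = 0;
        pid_t gc;
        if (prctl(PR_SET_NO_NEW_PRIVS, 1UL, 0UL, 0UL, 0UL) == 0
            && prctl(PR_GET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL) == 1) r |= 1;
        errno = 0;  /* the attribute is one-way: a request to clear it must fail */
        if (prctl(PR_SET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL) == -1 && errno == EINVAL) r |= 2;
        gc = fork();
        if (gc == 0) _exit(prctl(PR_GET_NO_NEW_PRIVS, 0UL, 0UL, 0UL, 0UL) == 1 ? 0 : 1);
        if (gc > 0 && waitpid(gc, &st, 0) == gc && WIFEXITED(st) && WEXITSTATUS(st) == 0) r |= 4;
        _exit(r);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("this process: NoNewPrivs=%d (from /proc/self/status)\n", nnp_from_proc());
    printf("probe bitmask: %d (7 = set, irreversible, inherited)\n", nnp_probe());
    return 0;
}
```

The same `NoNewPrivs:` field appears in `/proc/<pid>/status` for any process, so it can be read for a running application process to see which setting is in effect.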