summary refs log tree commit homepage
path: root/lib/unicorn/worker.rb
diff options
context:
space:
mode:
authorJeremy Evans <code@jeremyevans.net>2017-03-08 10:19:02 -0800
committerEric Wong <e@80x24.org>2017-03-10 20:27:41 +0000
commitea1a4360d66a833d75fbd887388d8cd4fe4ae299 (patch)
treec2f631143f2acb5fcfd092097ee6db42ad55f762 /lib/unicorn/worker.rb
parent59e39cbc68c49623949b3e5c2d7e113e96e90a27 (diff)
The worker_exec configuration option makes all worker processes
exec after forking.  This initializes the worker processes with
separate memory layouts, defeating address space discovery
attacks on operating systems supporting address space layout
randomization, such as Linux, MacOS X, NetBSD, OpenBSD, and
Solaris.

Support for execing workers is very similar to support for reexecing
the master process.  The main difference is the worker's to_i and
master pipes also need to be inherited after worker exec just as the
listening sockets need to be inherited after reexec.

Because execing working is similar to reexecing the master, this
extracts a couple of methods from reexec (listener_sockets and
close_sockets_on_exec), so they can be reused in worker_spawn.
Diffstat (limited to 'lib/unicorn/worker.rb')
-rw-r--r--lib/unicorn/worker.rb5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/unicorn/worker.rb b/lib/unicorn/worker.rb
index e22c1bf..8bbac5e 100644
--- a/lib/unicorn/worker.rb
+++ b/lib/unicorn/worker.rb
@@ -12,18 +12,19 @@ class Unicorn::Worker
   # :stopdoc:
   attr_accessor :nr, :switched
   attr_reader :to_io # IO.select-compatible
+  attr_reader :master
 
   PER_DROP = Raindrops::PAGE_SIZE / Raindrops::SIZE
   DROPS = []
 
-  def initialize(nr)
+  def initialize(nr, pipe=nil)
     drop_index = nr / PER_DROP
     @raindrop = DROPS[drop_index] ||= Raindrops.new(PER_DROP)
     @offset = nr % PER_DROP
     @raindrop[@offset] = 0
     @nr = nr
     @switched = false
-    @to_io, @master = Unicorn.pipe
+    @to_io, @master = pipe || Unicorn.pipe
   end
 
   def atfork_child # :nodoc: