https://github.com/matsumotory/mod_fileownercheck

This module resolve TOCTOU with FollowSymlinks
https://github.com/matsumotory/mod_fileownercheck

Last synced: about 2 months ago
JSON representation

This module resolve TOCTOU with FollowSymlinks

• Host: GitHub
• URL: https://github.com/matsumotory/mod_fileownercheck
• Owner: matsumotory
• Created: 2014-07-24T03:33:26.000Z (over 10 years ago)
• Default Branch: master
• Last Pushed: 2014-07-31T12:14:38.000Z (over 10 years ago)
• Last Synced: 2024-10-18T18:28:38.120Z (3 months ago)
• Language: C
• Homepage:
• Size: 227 KB
• Stars: 3
• Watchers: 4
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# mod_fileownercheck

mod_fileownercheck checks between owner of opened r->filename and that of current r->filename at output filter phase. This module resolves TOCTOU with FollowSymlinks and checks a permission of static contensts on VirtualHost.

ref. [Apache does not honor -FollowSymlinks due to TOCTOU](https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811428)

- Check whether matches between owner of opened r->filename and that of current r->filename

- Check whether matches between owner of opened r->filename and that of symlink (r->filename) if r->filename is symlink

- Check whether matches between owner of opened r->filename and that of r->filename cofigured by ``SuexecUserGroup``

## How to Use

### Quick Install

```

apxs -c -i mod_fileownercheck.c

```

### Config

#### Load Module

```apache

LoadModule fileownercheck_module modules/mod_fileownercheck.so

```

#### Enable suEXEC Check

Set Enable Owner Check Using ``SuexecUserGgroup`` config (On / Off default Off).

If ``FOCSuexecEnable On``, mod_fileowner checks between a owner of opened ``r->filename`` and a user configured by ``SuexecUserGroup``.

```apache

  FOCSuexecEnable On

```

## License

under the MIT License:

* http://www.opensource.org/licenses/mit-license.php