Skip to content

/ mod_fileownercheck

This module resolve TOCTOU with FollowSymlinks

3 stars 0 forks
Star
Notifications
master
Switch branches/tags
1 branch 0 tags
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.gitignore
 
 
LEGAL
 
 
MITL
 
 
README.md
 
 
mod_fileownercheck.c
 
 
mod_fileownercheck How to Use Quick Install Config Load Module Enable suEXEC Check License

README.md

mod_fileownercheck

mod_fileownercheck checks between owner of opened r->filename and that of current r->filename at output filter phase. This module resolves TOCTOU with FollowSymlinks and checks a permission of static contensts on VirtualHost.

ref. Apache does not honor -FollowSymlinks due to TOCTOU

  • Check whether matches between owner of opened r->filename and that of current r->filename
  • Check whether matches between owner of opened r->filename and that of symlink (r->filename) if r->filename is symlink
  • Check whether matches between owner of opened r->filename and that of r->filename cofigured by SuexecUserGroup

How to Use

Quick Install

apxs -c -i mod_fileownercheck.c

Config

Load Module

LoadModule fileownercheck_module modules/mod_fileownercheck.so

Enable suEXEC Check

Set Enable Owner Check Using SuexecUserGgroup config (On / Off default Off). If FOCSuexecEnable On, mod_fileowner checks between a owner of opened r->filename and a user configured by SuexecUserGroup.

<Directory /var/www/html/vhost/*/htdocs>
  FOCSuexecEnable On
</Directory>

License

under the MIT License:

About

This module resolve TOCTOU with FollowSymlinks

Resources

Readme

Releases

No releases published

Packages

No packages published

Languages