Skip to content

matsumotory/mod_fileownercheck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.gitignore
.gitignore
 
 
LEGAL
LEGAL
 
 
MITL
MITL
 
 
README.md
README.md
 
 
mod_fileownercheck.c
mod_fileownercheck.c
 
 

Repository files navigation

mod_fileownercheck

mod_fileownercheck checks between owner of opened r->filename and that of current r->filename at output filter phase. This module resolves TOCTOU with FollowSymlinks and checks a permission of static contensts on VirtualHost.

ref. Apache does not honor -FollowSymlinks due to TOCTOU

  • Check whether matches between owner of opened r->filename and that of current r->filename
  • Check whether matches between owner of opened r->filename and that of symlink (r->filename) if r->filename is symlink
  • Check whether matches between owner of opened r->filename and that of r->filename cofigured by SuexecUserGroup

How to Use

Quick Install

apxs -c -i mod_fileownercheck.c

Config

Load Module

LoadModule fileownercheck_module modules/mod_fileownercheck.so

Enable suEXEC Check

Set Enable Owner Check Using SuexecUserGgroup config (On / Off default Off). If FOCSuexecEnable On, mod_fileowner checks between a owner of opened r->filename and a user configured by SuexecUserGroup.

<Directory /var/www/html/vhost/*/htdocs>
  FOCSuexecEnable On
</Directory>

License

under the MIT License:

About

This module resolve TOCTOU with FollowSymlinks

Resources

Readme
Activity

Stars

3 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages