/mod_fileownercheck

This module resolve TOCTOU with FollowSymlinks
  1. C 100.0%
C
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.gitignore
LEGAL
MITL
README.md
mod_fileownercheck.c

README.md

mod_fileownercheck

mod_fileownercheck checks between owner of opened r->filename and that of current r->filename at output filter phase. This module resolves TOCTOU with FollowSymlinks and checks a permission of static contensts on VirtualHost.

ref. Apache does not honor -FollowSymlinks due to TOCTOU

  • Check whether matches between owner of opened r->filename and that of current r->filename
  • Check whether matches between owner of opened r->filename and that of symlink (r->filename) if r->filename is symlink
  • Check whether matches between owner of opened r->filename and that of r->filename cofigured by SuexecUserGroup

How to Use

Quick Install

apxs -c -i mod_fileownercheck.c

Config

Load Module

LoadModule fileownercheck_module modules/mod_fileownercheck.so

Enable suEXEC Check

Set Enable Owner Check Using SuexecUserGgroup config (On / Off default Off). If FOCSuexecEnable On, mod_fileowner checks between a owner of opened r->filename and a user configured by SuexecUserGroup.

<Directory /var/www/html/vhost/*/htdocs>
  FOCSuexecEnable On
</Directory>

License

under the MIT License: