This module resolves TOCTOU with FollowSymlinks

mod_fileownercheck

mod_fileownercheck compares the owner of the opened r->filename with the owner of the current r->filename at the output filter phase. This module resolves the TOCTOU race with FollowSymlinks and checks the permissions of static contents on a VirtualHost.

ref. Apache does not honor -FollowSymlinks due to TOCTOU

  • Check that the owner of the opened r->filename matches the owner of the current r->filename
  • Check that the owner of the opened r->filename matches the owner of the symlink (r->filename) if r->filename is a symlink
  • Check that the owner of the opened r->filename matches the user configured by SuexecUserGroup for r->filename
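The three comparisons above, sketched with plain POSIX calls as an added example; this is not the module's source. The names foc_decide, foc_check and the FOC_* codes are hypothetical, and passing the SuexecUserGroup user as a numeric uid is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes (hypothetical names, not taken from the module). */
enum foc_result { FOC_OK = 0, FOC_OWNER_CHANGED, FOC_LINK_OWNER,
                  FOC_SUEXEC_OWNER, FOC_ERROR };

/* Pure decision step.
 *   opened  : fstat() of the descriptor that is about to be served
 *   current : stat() of the request path as it resolves right now
 *   link    : lstat() of the request path (the symlink itself, if any)
 *   suexec_uid < 0 disables the suEXEC comparison (FOCSuexecEnable Off). */
enum foc_result foc_decide(const struct stat *opened, const struct stat *current,
                           const struct stat *link, long suexec_uid)
{
    if (opened->st_uid != current->st_uid)
        return FOC_OWNER_CHANGED;  /* path was swapped after the open */
    if (S_ISLNK(link->st_mode) && link->st_uid != opened->st_uid)
        return FOC_LINK_OWNER;     /* symlink points at another user's file */
    if (suexec_uid >= 0 && opened->st_uid != (uid_t)suexec_uid)
        return FOC_SUEXEC_OWNER;   /* file is not owned by the vhost's user */
    return FOC_OK;
}

/* Collect the three stat records for an open fd and its request path. */
enum foc_result foc_check(int fd, const char *path, long suexec_uid)
{
    struct stat opened, current, link;
    if (fstat(fd, &opened) != 0 || stat(path, &current) != 0 ||
        lstat(path, &link) != 0)
        return FOC_ERROR;          /* fail closed: path vanished or unreadable */
    return foc_decide(&opened, &current, &link, suexec_uid);
}

/* Usage: ./foc <path> [suexec-uid]; exit 0 means the file may be served. */
int main(int argc, char **argv)
{
    if (argc < 2) return 2;
    int fd = open(argv[1], O_RDONLY);
    if (fd < 0) return 2;
    enum foc_result r = foc_check(fd, argv[1], argc > 2 ? atol(argv[2]) : -1);
    close(fd);
    return r == FOC_OK ? 0 : 1;
}
```

The key point is that the trusted value comes from fstat() on the descriptor already opened, so a path swapped after the open cannot change what is compared.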

How to Use

Quick Install

apxs -c -i mod_fileownercheck.c

Config

Load Module

LoadModule fileownercheck_module modules/mod_fileownercheck.so

Enable suEXEC Check

Enable the owner check against the SuexecUserGroup config (On / Off, default Off). If FOCSuexecEnable is On, mod_fileownercheck compares the owner of the opened r->filename with the user configured by SuexecUserGroup.

<Directory /var/www/html/vhost/*/htdocs>
  FOCSuexecEnable On
</Directory>

License

under the MIT License: