You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modules-dev@httpd.apache.org by Peter Somogyi <ps...@gamax.hu> on 2007/06/04 18:06:22 UTC
make use of fs ACLs
Hi,
We would like to have an autoindex-like file serving functionality of apache
web server that avoids usage of .htaccess file, but uses filesystem's ACLs
instead. Moreover we don't want to require wwwrun to be allowed in every
file/dir ACLs.
For authentication we'd use e.g. mod_auth_external + pwauth.
Our aim is access checking:
- check whether a requested file is downloadable by the given user
- check whether the given user has access to the directory
- check which files are visible to the given user when listing a directory
content (e.g. via autoindex module)
So far readonly functionality is enough.
To achieve this, we have been thinking about writing a modification of
autoindex.c which forks a child executing a newly written tool which
_becomes_ the authenticated user and lists directory content. File open check
and file content read would be done by this tool as well. (I still don't know
where to modify/hook into file download and how to cache forking.)
I'm curious why such a feature is not yet already implemented. I don't stick
to autoindex, we just need a similar functionality over http.
Does anybody know any existing solution for this, or a better idea how to make
it?
We appreciate any comments on this.
Peter
Re: make use of fs ACLs
Posted by Dumindu Pallewela <pa...@gmail.com>.
Hi all,
In a module that I am writing, I need to share an object between
successive requests. My first go at it was to have a reference to this
object in the server configuration. But only after trying it out I found
that the server configuration is not shared between the child processes,
rather each process has it's own server configuration. (I want the
module to work despite the MPM used.)
So my question is how can I share an object between successive requests?
Thanks,
Dumindu.
Re: make use of fs ACLs
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Peter Somogyi wrote:
>
> Sorry, could you point there please? (I've already spent 4 hours for google
> and grep on trunk, asked expert people here but couldn't find anything.)
> Do you mean the hole is in the auth way (we can use mod_auth_pam instead), or
> in using fs ACLs instead of .htaccess?
Twofold; if there was a code execution vulnerability somewhere within the
in-process server stack, including scripting languages or running untrusted
code, those files a visible to nobody. Essentially you are sharing the p/w
list with everyone on the machine to crack the hashed passwords or search
for their match.
Secondly, unless ssl/tls is in use, the p/w's can be sniffed over the wire.
If these are also your ssh login accounts... well, you can figure out the
rest.
Re: make use of fs ACLs
Posted by Peter Somogyi <ps...@gamax.hu>.
Hi Nick,
> > We would like to have an autoindex-like file serving functionality of
> > apache web server that avoids usage of .htaccess file, but uses
> > filesystem's ACLs instead. Moreover we don't want to require wwwrun
> > to be allowed in every file/dir ACLs.
> >
> > For authentication we'd use e.g. mod_auth_external + pwauth.
>
> Please read up on why that's a huge security hole (I think it's
> described somewhere in apache's own documentation).
Sorry, could you point there please? (I've already spent 4 hours for google
and grep on trunk, asked expert people here but couldn't find anything.)
Do you mean the hole is in the auth way (we can use mod_auth_pam instead), or
in using fs ACLs instead of .htaccess?
Thank you in advance.
>
> > a newly written tool
> > which _becomes_ the authenticated user and lists directory content.
>
> That's what suexec (and its many cousins) are for.
Thanks, however I wanted my question to be applied to fs ACL usage solution
existence, not to becoming a user. Sorry for the misunderstanding.
BTW. this feature already exists for OpenAFS, but there permission is linked
with a PAG, not with a local user.
Peter
Re: make use of fs ACLs
Posted by Nick Kew <ni...@webthing.com>.
On Mon, 4 Jun 2007 18:06:22 +0200
Peter Somogyi <ps...@gamax.hu> wrote:
> Hi,
>
> We would like to have an autoindex-like file serving functionality of
> apache web server that avoids usage of .htaccess file, but uses
> filesystem's ACLs instead. Moreover we don't want to require wwwrun
> to be allowed in every file/dir ACLs.
>
> For authentication we'd use e.g. mod_auth_external + pwauth.
Please read up on why that's a huge security hole (I think it's
described somewhere in apache's own documentation).
> a newly written tool
> which _becomes_ the authenticated user and lists directory content.
That's what suexec (and its many cousins) are for.
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/