Privilege Separation for Apache 1.3.34-0.2


Developer:   Jamie Clark & Michael Clark
Price:  0.00
License:   The Apache License 2.0
File size:   20K

The Privilege Separation for Apache patch addresses the problem of an Apache WebDAV server only being able to write files as the apache user (usually something like 'nobody' or 'www'). It addresses this problem in a secure way by adding privilege separation to the Apache web server (conceptually similar to ssh privilege separation).

A privilege-separated Apache can be used, for instance, to allow WebDAV access to ~user directories and also to allow the use of unix quotas. WebDAV clients are seamlessly integrated into both Windows and Mac OS X, providing a convenient and secure method for remote access.

In Privilege Separation mode Apache continues to run as an unprivileged user, although one additional secure process runs as 'root'. The 'root' privilege-separated process communicates with the main apache process via unix sockets and has two purposes:

- Responds to PAM authentication requests. pam_unix authentication is not normally possible because the unprivileged apache process cannot access shadow passwords; the privilege-separated design makes it both possible and secure. Authentication responses include a cryptographic cookie which encodes the user's credentials and is verified in successive privileged filesystem requests made to the privsep process.
- Performs privileged filesystem operations on behalf of the unprivileged apache process with the privileges of the authenticated user. The cryptographic cookie is verified, then the effective userid is set and the filesystem operation is performed. Certain auditable points in the apache and mod_dav code have been changed to use the privsep calls which communicate via unix sockets (priv_open, priv_unlink, priv_rmdir, etc.). File descriptors are passed back over unix sockets for open calls.
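
The request flow described in the two points above, as an added Python sketch that is not code from the apache-privsep patch: a broker process verifies the cookie, switches effective uid when it runs as root, opens the file, and passes the descriptor back over a unix socket. The cookie layout (uid plus HMAC-SHA256), the message framing and every function name except `priv_open` are assumptions made for this illustration.

```python
import hashlib, hmac, os, socket, struct

KEY = os.urandom(32)  # secret held only by the privileged broker (assumed scheme)

def make_cookie(uid):
    # Assumed cookie layout: 4-byte uid || HMAC-SHA256(KEY, uid); issued after login
    body = struct.pack("!I", uid)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def verify_cookie(cookie):
    body, tag = cookie[:4], cookie[4:]
    good = hmac.new(KEY, body, hashlib.sha256).digest()
    return struct.unpack("!I", body)[0] if hmac.compare_digest(tag, good) else None

def broker_serve_one(sock):
    # Privileged side: request is 36-byte cookie followed by the path
    msg = sock.recv(4096)
    uid = verify_cookie(msg[:36])
    if uid is None:
        sock.send(b"DENY")
        return
    is_root = os.geteuid() == 0  # without root the uid switch is skipped
    try:
        if is_root:
            os.seteuid(uid)  # a full broker would also set gid and groups
        fd = os.open(msg[36:].decode(), os.O_RDONLY)
    except OSError:
        sock.send(b"FAIL")
        return
    finally:
        if is_root:
            os.seteuid(0)
    socket.send_fds(sock, [b"OK"], [fd])  # SCM_RIGHTS; Python 3.9+
    os.close(fd)

def priv_open(sock, cookie, path):
    # Unprivileged side: returns a usable descriptor, or None if refused
    sock.send(cookie + path.encode())
    status, fds, _, _ = socket.recv_fds(sock, 16, 1)
    return fds[0] if status == b"OK" and fds else None

def demo(path, cookie):
    client, broker = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    pid = os.fork()
    if pid == 0:  # child plays the privsep process for one request
        try:
            broker_serve_one(broker)
        finally:
            os._exit(0)
    broker.close()
    fd = priv_open(client, cookie, path)
    os.waitpid(pid, 0)
    return fd
```

The unprivileged side never sees `KEY`, so it cannot mint a cookie for another uid; it only receives an already-open descriptor for a file the authenticated user was allowed to open.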

Requirements:
  • The apache-privsep patches work in conjunction with mod_dav, mod_ssl and pam to provide secure authentication and access to directories exported with privilege separation. The patchset includes a patch for mod_dav.
  • Note: The apache privsep patch will currently only work on Linux due to internal glibc assumptions on how directory file descriptors are returned from opendir. It should be able to be modified easily for other unices that support file descriptor passing over unix domain sockets (assuming you can get access to directory file descriptors).
    Download Privilege Separation for Apache 1.3.34-0.2


     http://oss.metaparadigm.com/apache-privsep/apache-privsep-1.3.34-0.2.tar.gz

