httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From KaiGai Kohei <>
Subject [RFC] A new hook: invoke_handler and web-application security
Date Wed, 08 Apr 2009 01:38:52 GMT

I've posted my idea to improve web-application security a few times
however, it could not interest folks unfortunatelly. :(
So, I would like to offer another approach for the purpose.
The attached patch is a proof of the concept of newer idea.
Any comments are welcome, and please feel free.

The attached patch adds the following hook:
  AP_DECLARE_HOOK(int,invoke_handler,(request_rec *r))

The server/core.c registers the ap_invoke_handler() as a default
fallback, and all the ap_invoke_handler() invocations are replaced
by ap_run_invoke_handler(), so we don't have any compatibility
issue as far as no modules uses the new hooks.

The purpose of this new hooks is to give modules a chance to assign
an appropriate privilege set before contents handler launched.

The mod_selinux.c is a typical example.
It acquires a control via the invoke_handler hook whenever someone
tries to invoke contents handler, then it compute what privilege
(called as security context) should be assigned during the contents
handler execution. If the computed privilege is same as the current
one, it just returns DECLINES. But, if the computed one is different
from the current, it creates a one-time worker thread and wait for
its completion. The worker thread set a new privilege on itself and
invokes ap_invoke_handler() with restricted privilege.

In the previous design proposal, I added hooks just before
ap_process_(async_)request(), but I noticed it cannot handle a case
of internal redirection.

BTW, Please note that the purpose of our efforts is to launch web
applications with individual privilege set, not to add new hooks.
Now I think the idea is the shortest distance to the goal, but
is there any other ideas? If you have anything, I would like to
see it.

OSS Platform Development Division, NEC
KaiGai Kohei <>

View raw message