lighttpd1.4/src
Glenn Strauss acd5e450b5 [security] disable stat_cache if !follow-symlink (fixes #2724)
disable stat_cache if server.follow-symlink = "disable"
if server.stat-cache-engine = "simple".  Caching is still enabled
for server.stat-cache-engine = "fam" since the FAM notification is
almost immediate, however there is still a small race condition.

NOTE: server.follow-symlink = "disable" implementation still has
time-of-check versus time-of-use (ToC-ToU) race conditions and
its use is *not recommended* except to discourage symlinking.
It *does not* prevent symlinking by a determined attacker with
the ability to create files on the server.

server.stat-cache-engine = "disable" can also be used to discourage
symlinking, and also does not eliminate ToC-ToU race conditions.

While more modern systems might use openat() and other *at() routines
to eliminate the ToC-ToU race conditions, this is not currently
implemented in lighttpd.  Besides, for systems needing such
protections against actors able to modify local files, it would be
better to set up multiple lighttpd servers running in separate user
contexts with filesystem permissions preventing access, rather than
giving a single lighttpd server running under a single lighttpd user
access to files across security boundaries, and trying to prevent
access by the lighttpd user if a file is a symlink.

Note that there are performance implications to setting either of
  server.follow-symlink = "disable"
  server.stat-cache-engine = "disable"
since stat cache normally reduces filesystem overhead for
frequently-accessed files.

x-ref:
  "security: stat cache *very large* race condition if caching when
follow_symlink disabled"
  https://redmine.lighttpd.net/issues/2724
7 years ago
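The per-component openat()/O_NOFOLLOW approach the commit message says lighttpd does not yet implement, as an added example that is not lighttpd code. It assumes a POSIX.1-2008 system, and the function names open_nofollow_below and demo are my own.

```c
/* Added example, not lighttpd code: per-component openat()+O_NOFOLLOW (POSIX.1-2008). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
/* Open the regular file "rel" beneath rootfd without following any symlink. Each
 * component is opened with O_NOFOLLOW relative to the previous component's fd, so
 * there is no lstat()-then-open() window for a symlink to be swapped in. fd or -1. */
int open_nofollow_below(int rootfd, const char *rel) {
    char comp[256]; int dirfd = dup(rootfd);
    if (dirfd < 0) return -1;
    for (const char *p = rel + strspn(rel, "/"); *p; ) {
        size_t n = strcspn(p, "/");                  /* length of this component */
        const char *q = p + n + strspn(p + n, "/");  /* start of the next one, or "" */
        if (n >= sizeof comp || (n == 2 && p[0] == '.' && p[1] == '.')) {
            close(dirfd); errno = EACCES; return -1; /* refuse ".." and oversize names */
        }
        memcpy(comp, p, n); comp[n] = '\0';
        int fd = openat(dirfd, comp, O_RDONLY | O_NOFOLLOW | (*q ? O_DIRECTORY : 0));
        int saved = errno; close(dirfd);
        if (fd < 0) { errno = saved; return -1; }
        dirfd = fd; p = q;
    }
    struct stat st;                                  /* verify the fd we hold, not a path */
    if (fstat(dirfd, &st) != 0 || !S_ISREG(st.st_mode)) { close(dirfd); errno = EINVAL; return -1; }
    return dirfd;
}
/* Constructed fixture: docs/index.html (file), docs/link -> index.html, dirlink -> docs.
 * Bitmask result: 1 file opened, 2 file symlink refused, 4 dir symlink refused, 8 ".."
 * refused. A refused symlink yields ELOOP or ENOTDIR depending on the kernel. */
int demo(void) {
    char root[] = "/tmp/nofollowXXXXXX";
    if (!mkdtemp(root)) return -1;
    int rootfd = open(root, O_RDONLY | O_DIRECTORY);
    mkdirat(rootfd, "docs", 0700);
    close(openat(rootfd, "docs/index.html", O_WRONLY | O_CREAT, 0600));
    symlinkat("index.html", rootfd, "docs/link");
    symlinkat("docs", rootfd, "dirlink");
    int result = 0, fd;
    if ((fd = open_nofollow_below(rootfd, "docs/index.html")) >= 0) { result |= 1; close(fd); }
    if (open_nofollow_below(rootfd, "docs/link") < 0 && (errno == ELOOP || errno == ENOTDIR)) result |= 2;
    if (open_nofollow_below(rootfd, "dirlink/index.html") < 0 && (errno == ELOOP || errno == ENOTDIR)) result |= 4;
    if (open_nofollow_below(rootfd, "docs/../docs/index.html") < 0 && errno == EACCES) result |= 8;
    unlinkat(rootfd, "docs/link", 0); unlinkat(rootfd, "docs/index.html", 0);
    unlinkat(rootfd, "dirlink", 0); unlinkat(rootfd, "docs", AT_REMOVEDIR); close(rootfd); rmdir(root);
    return result;
}
```

Because the check and the use happen on the same file descriptor, the stat cache question the commit message raises does not arise for this open path; the performance cost is one openat() per path component.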
CMakeLists.txt [build_cmake] clock_gettime() -lrt w/ glibc < 2.17 (fixes #2737) 7 years ago
Makefile.am [build] add $(ATTR_LIB) to liblightcomp_la_LIBADD 7 years ago
SConscript [mod_ssi] more flexible quoting (fixes #1768) 7 years ago
array.c fix some warnings reported by cppcheck 7 years ago
array.h [core] replace array weakref with vector 7 years ago
base.h [mod_accesslog] %a %A %C %D %k %{}t %{}T (fixes #1145, fixes #1415, fixes #2081) 7 years ago
base64.c [base64] fix another crash due to broken force_assert conditions 7 years ago
base64.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
buffer.c fix some warnings reported by cppcheck 7 years ago
buffer.h use li_[iu]tostrn() instead of li_[iu]tostr() 7 years ago
chunk.c [core] set chunkqueue tempdirs at startup 7 years ago
chunk.h [core] set chunkqueue tempdirs at startup 7 years ago
config.h.cmake build with libressl 7 years ago
configfile-glue.c [core] fix s6_addr type-punned compiler warning 7 years ago
configfile.c [core] set chunkqueue tempdirs at startup /var/tmp 7 years ago
configfile.h [core] replace array weakref with vector 7 years ago
configparser.y [core] $HTTP["remoteip"] must handle IPv6 w/o [] 7 years ago
connections-glue.c [TLS] read all available records from SSL_read() 7 years ago
connections.c [core] set chunkqueue tempdirs at startup 7 years ago
connections.h [mod_cgi] handle local redirect response (fixes #2108) 7 years ago
crc32.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
crc32.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
data_array.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
data_config.c [core] replace array weakref with vector 7 years ago
data_count.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
data_fastcgi.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
data_integer.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
data_string.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
etag.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
etag.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
fastcgi.h - white space cleanup part 2 this time 1.4 ;) 17 years ago
fdevent.c [core] remove assert in fdevent_unregister() 7 years ago
fdevent.h [core] add declarations to fdevent.h (#2373) 7 years ago
fdevent_freebsd_kqueue.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
fdevent_libev.c [core] fdevent_libev: workaround compiler warning 7 years ago
fdevent_linux_sysepoll.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
fdevent_poll.c fix error handling for portability (NetBSD) 7 years ago
fdevent_select.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
fdevent_solaris_devpoll.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
fdevent_solaris_port.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
first.h [core] define __STDC_WANT_LIB_EXT1__ (fixes #2722) 7 years ago
http-header-glue.c [cygwin] fix mod_proxy and mod_fastcgi ioctl use 7 years ago
http_auth.c [mod_auth] fix Digest auth to be better than Basic (fixes #1844) 7 years ago
http_auth.h pass buf size to li_tohex() 7 years ago
http_chunk.c [core] option to stream response body to client (fixes #949, #760, #1283, #1387) 7 years ago
http_chunk.h [core] buffer large responses to tempfiles (fixes #758, fixes #760, fixes #933, fixes #1387, #1283, fixes #2083) 7 years ago
inet_ntop_cache.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
inet_ntop_cache.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
joblist.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
joblist.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
keyvalue.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
keyvalue.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
lemon.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
lempar.c fix errors detected by Coverity Scan 7 years ago
lighttpd-angel.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
log.c [autobuild] clock_gettime() -lrt with glibc < 2.17 7 years ago
log.h [autobuild] clock_gettime() -lrt with glibc < 2.17 7 years ago
md5.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
md5.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_access.c [mod_access] new directive url.access-allow (fixes #1421) 7 years ago
mod_accesslog.c [autobuild] clock_gettime() -lrt with glibc < 2.17 7 years ago
mod_alias.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_auth.c [mod_auth] fix Digest auth to be better than Basic (fixes #1844) 7 years ago
mod_auth.h moved everything below trunk/ and added branches/ and tags/ 18 years ago
mod_cgi.c revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) 7 years ago
mod_cml.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_cml.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_cml_funcs.c pass buf size to li_tohex() 7 years ago
mod_cml_funcs.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_cml_lua.c [mod_ssi, mod_cml] set DOCUMENT_ROOT to basedir (fixes #2383) 7 years ago
mod_compress.c check close() return code after writing to file 7 years ago
mod_dirlisting.c minor: spelling changes in some comments/messages 7 years ago
mod_evasive.c [mod_evasive] 302 redirect option if limit reached (fixes #2199) 7 years ago
mod_evhost.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_expire.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_extforward.c [mod_extforward] reset cond_cache for scheme (fixes #1499) 7 years ago
mod_fastcgi.c revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) 7 years ago
mod_flv_streaming.c http_response_backend_error() 7 years ago
mod_indexfile.c [mod_indexfile] save physical path to env (fixes #448, #892) 7 years ago
mod_magnet.c do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738) 7 years ago
mod_magnet_cache.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_magnet_cache.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_mysql_vhost.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_proxy.c [security] do not emit HTTP_PROXY to CGI env 7 years ago
mod_redirect.c [mod_redirect,mod-rewrite] short-circuit if blank replacement (fixes #2085) 7 years ago
mod_rewrite.c do not set REDIRECT_URI in mod_magnet, mod_rewrite (#2738) 7 years ago
mod_rrdtool.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_scgi.c revert 1.4.40 swap of REQUEST_URI, REDIRECT_URI (fixes #2738) 7 years ago
mod_secdownload.c minor: quiet some compiler warnings 7 years ago
mod_setenv.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_simple_vhost.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_skeleton.c minor: spelling changes in some comments/messages 7 years ago
mod_ssi.c [security] do not emit HTTP_PROXY to CGI env 7 years ago
mod_ssi.h [mod_ssi] more flexible quoting (fixes #1768) 7 years ago
mod_ssi_expr.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_ssi_expr.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_ssi_exprparser.y consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_staticfile.c [core] http_response_send_file() shared code (#2017) 7 years ago
mod_status.c [mod_status] show keep-alive status w/ text output (fixes #2740) 7 years ago
mod_trigger_b4_dl.c minor: spelling changes in some comments/messages 7 years ago
mod_uploadprogress.c [mod_uploadprogress] fix mem leak (#1858) 7 years ago
mod_userdir.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
mod_usertrack.c remove long-deprecated, non-functional config opts 7 years ago
mod_webdav.c [mod_webdav] fix proppatch mem leak, other fixes (#fixes 1334, #fixes 2000) 7 years ago
network.c [core] check if EAI_ADDRFAMILY is defined 7 years ago
network.h [core] disable Nagle algorithm (TCP_NODELAY) 7 years ago
network_backends.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
network_darwin_sendfile.c [core] fallback to write if sendfile not supported (fixes #471, #987) 7 years ago
network_freebsd_sendfile.c [core] fallback to write if sendfile not supported (fixes #471, #987) 7 years ago
network_linux_sendfile.c [core] fallback to write if sendfile not supported (fixes #471, #987) 7 years ago
network_openssl.c [TLS] better handling of SSL_ERROR_WANT_READ/WRITE 7 years ago
network_solaris_sendfilev.c [core] fallback to write if sendfile not supported (fixes #471, #987) 7 years ago
network_write.c [cygwin] minor: fix compiler warning 7 years ago
network_write_mmap.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
network_write_no_mmap.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
network_writev.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
plugin.c fix error handling for portability (NetBSD) 7 years ago
plugin.h remove handle_joblist hook 7 years ago
proc_open.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
proc_open.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
request.c [core] permit IPv6 address scope identifier 7 years ago
request.h [config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) 7 years ago
response.c [core] make server.max-request-size scopeable (fixes #1901) 7 years ago
response.h http_response_backend_error() 7 years ago
safe_memclear.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
safe_memclear.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
server.c [security] ensure gid != 0 if server.username set (fixes #2725) 7 years ago
server.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
settings.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
splaytree.c Fix header inclusion order, always include "config.h" before any system header 14 years ago
splaytree.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
stat_cache.c [security] disable stat_cache if !follow-symlink (fixes #2724) 7 years ago
stat_cache.h [core] open fd when appending file to cq (fixes #2655) 7 years ago
status_counter.c consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
status_counter.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
stream.c [config] support include file glob (fixes #1221) 7 years ago
stream.h [config] support include file glob (fixes #1221) 7 years ago
sys-mmap.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago
sys-socket.h [core] #include <sys/filio.h> for FIONREAD (fixes #2726) 7 years ago
test_base64.c [unittests] add test_buffer and test_base64 unit tests 7 years ago
test_buffer.c [unittests] add test_buffer and test_base64 unit tests 7 years ago
test_configfile.c fix errors detected by Coverity Scan 7 years ago
vector.c [core] add generic vector implementation 7 years ago
vector.h [core] add generic vector implementation 7 years ago
version.h consistent inclusion of config.h at top of files (fixes #2073) 7 years ago