Damien Clermonté's ModiWrap

[/] [..]

This is a .36 Euro page made to guide you until I have enough time and motivation to make a real one.

2002/10/04: A new version will be released soon! Stay tuned!

ModiWrap is a universal script wrapper for apache web servers (although it should work with other servers).

It was written after I saw existing cgiwrap and suexec were too limited for a wide scale and universal use, and mod_php too insecure.
Cgiwrap is also barely CGI compliant.

It can run any kind of scripts if you tell him what to do (SSI, CGI, PHP3, PHP4, ...) It can change uid, gid, resource limits (rlimits + alarm + nice), interpret a subset of .htaccess files (in cgiwrap mode), ... with LOTS of paranoid safety checks (wrapper user, destination user/shell, config/script/dir rights/paths, ...)
The wrapper is scriptable, so you can make a lot of changes without recompiling it.
Limits can be configured on the fly and per user thanks to an optional limits daemon (wrapper takes compile-time limits if it fails to get an answer from it).
Of course, only root can change this...

The wrapper is compatible with apache's suexec (if you enable it on compile time)
The wrapper also has its new own mode, called mwexec. To use it, you need to patch apache with the patch provided. It intercepts every execution of apache, allowing to do full secure ssi/cgi/php execution, and full .htaccess handling by apache, as you don't need to rewrite to the wrapper manually anymore!

Current version is 1.00
This the first public beta release. Feel free to send me suggestions, bug reports, ...
I'd be glad to know where you're using it too.
You're supposed to have some knowledge of Linux/Unix systems, please read RFC/HOWTOs and don't ask me lame questions!

The 1.0 GPL tarball is here (ChangeLog)
(The 0.99 is still here)

Run ./configure --help if you don't know what autoconf is.
For .htaccess passwords to work in cgiwrap mode, you must compile apache with SECURITY_HOLE_PASS_AUTHORIZATION defined (don't worry, authorization is deleted by wrapper, but you must then use it for all scripts to prevent any breach)

TODO (version):

Correct bugs if any
Better docs
Online docs and FAQ
deny/allow from

Damien Clermonté - damien.clermonte at free dot fr