Implemented SecUploadFileMode. See #448.

CHANGES

@@ -1,6 +1,8 @@
-23 Jan 2008 - 2.1.6-rc1
+24 Jan 2008 - 2.1.6-rc1
 -----------------------
 
+ * Implemented SecUploadFileMode to allow setting the mode for uploaded files.
+
  * No longer log the query portion of the URI in the error log as
    it may contain sensitive data.
 

apache2/apache2_config.c

@@ -69,6 +69,7 @@ void *create_directory_config(apr_pool_t *mp, char *path) {
     dcfg->upload_dir = NOT_SET_P;
     dcfg->upload_keep_files = NOT_SET;
     dcfg->upload_validates_files = NOT_SET;
+    dcfg->upload_filemode = NOT_SET;
 
     /* These are only used during the configuration process. */
     dcfg->tmp_chain_starter = NULL;
@@ -346,6 +347,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child) {
         ? parent->upload_keep_files : child->upload_keep_files);
     merged->upload_validates_files = (child->upload_validates_files == NOT_SET
         ? parent->upload_validates_files : child->upload_validates_files);
+    merged->upload_filemode = (child->upload_filemode == NOT_SET
+        ? parent->upload_filemode : child->upload_filemode);
 
     /* Misc */
     merged->data_dir = (child->data_dir == NOT_SET_P
@@ -407,6 +410,7 @@ void init_directory_config(directory_config *dcfg) {
     if (dcfg->upload_dir == NOT_SET_P) dcfg->upload_dir = NULL;
     if (dcfg->upload_keep_files == NOT_SET) dcfg->upload_keep_files = KEEP_FILES_OFF;
     if (dcfg->upload_validates_files == NOT_SET) dcfg->upload_validates_files = 0;
+    if (dcfg->upload_filemode == NOT_SET) dcfg->upload_filemode = 0600;
 
     /* Misc */
     if (dcfg->data_dir == NOT_SET_P) dcfg->data_dir = NULL;
@@ -1058,6 +1062,26 @@ static const char *cmd_upload_dir(cmd_parms *cmd, void *_dcfg, const char *p1) {
     return NULL;
 }
 
+static const char *cmd_upload_filemode(cmd_parms *cmd, void *_dcfg, const char *p1) {
+    directory_config *dcfg = (directory_config *)_dcfg;
+
+    if (dcfg == NULL) return NULL;
+
+    if (strcasecmp(p1, "default") == 0) {
+        dcfg->upload_filemode = NOT_SET;
+    }
+    else {
+        long int mode = strtol(p1, NULL, 8); /* expects octal mode */
+        if ((mode == LONG_MAX)||(mode == LONG_MIN)||(mode <= 0)||(mode > 0777)) {
+            return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecUploadFileMode: %s", p1);
+        }
+        
+        dcfg->upload_filemode = (int)mode;
+    }
+
+    return NULL;
+}
+
 static const char *cmd_upload_keep_files(cmd_parms *cmd, void *_dcfg, const char *p1) {
     directory_config *dcfg = (directory_config *)_dcfg;
 
@@ -1362,6 +1386,14 @@ const command_rec module_directives[] = {
         "" // TODO
     ),
 
+    AP_INIT_TAKE1 (
+        "SecUploadFileMode",
+        cmd_upload_filemode,
+        NULL,
+        CMD_SCOPE_ANY,
+        "octal permissions mode for uploaded files"
+    ),
+
     AP_INIT_TAKE1 (
         "SecUploadKeepFiles",
         cmd_upload_keep_files,

apache2/modsecurity.h

@@ -377,6 +377,7 @@ struct directory_config {
     const char          *upload_dir;
     int                  upload_keep_files;
     int                  upload_validates_files;
+    int                  upload_filemode;
 
     /* Used only in the configuration phase. */
     msre_rule           *tmp_chain_starter;

apache2/msc_multipart.c

@@ -9,6 +9,7 @@
  *
  */
 #include <ctype.h>
+#include <sys/stat.h>
 
 #include "msc_multipart.h"
 #include "msc_util.h"
@@ -377,6 +378,21 @@ static int multipart_process_part_data(modsec_rec *msr, char **error_msg) {
 
                 msr_log(msr, 4, "Multipart: Created temporary file: %s",
                     log_escape_nq(msr->mp, msr->mpd->mpp->tmp_file_name));
+
+                #if (!(defined(WIN32) || defined(NETWARE)))
+                if (msr->txcfg->debuglog_level >= 9) {
+                    msr_log(msr, 9, "Multipart: Changing file mode to %04o: %s", msr->txcfg->upload_filemode, log_escape_nq(msr->mp, msr->mpd->mpp->tmp_file_name));
+                }
+                if (fchmod(msr->mpd->mpp->tmp_file_fd, msr->txcfg->upload_filemode) < 0) {
+                    
+                    char errbuf[256];
+                    if (msr->txcfg->debuglog_level >= 3) {
+                        msr_log(msr, 3, "Multipart: Could not change mode on \"%s\" (%d): %s",
+                            log_escape_nq(msr->mp, msr->mpd->mpp->tmp_file_name),
+                            errno, apr_strerror(APR_FROM_OS_ERROR(errno), errbuf, 256));
+                    }
+                }
+                #endif
             }
 
             /* write the reserve first */

doc/modsecurity2-apache-reference.xml

@@ -3,7 +3,7 @@
   <title>ModSecurity Reference Manual</title>
 
   <articleinfo>
-    <releaseinfo>Version 2.1.6-rc1 / (Jan 23, 2008)</releaseinfo>
+    <releaseinfo>Version 2.1.6-rc1 / (Jan 24, 2008)</releaseinfo>
 
     <copyright>
       <year>2004-2008</year>
@@ -335,14 +335,15 @@
 
       <listitem>
         <para>Add one line to your configuration to load libxml2:</para>
+
         <para><literal moreinfo="none">LoadFile
         /usr/lib/libxml2.so</literal></para>
       </listitem>
 
       <listitem>
         <para>Add one line to your configuration to load ModSecurity:</para>
-        <para><literal
+
-        moreinfo="none">LoadModule security2_module
+        <para><literal moreinfo="none">LoadModule security2_module
         modules/mod_security2.so</literal></para>
       </listitem>
 
@@ -363,19 +364,17 @@
       <para>If you have compiled Apache yourself or are compiling for a
       distribution, please read the following notes.</para>
 
-      <para>The ModSecurity Core rules may assume XML support is
+      <para>The ModSecurity Core rules may assume XML support is available
-      available (compiled with -DWITH_LIBXML2).  You may have to manually
+      (compiled with -DWITH_LIBXML2). You may have to manually remove any XML
-      remove any XML references in the Core rules if you choose not to
+      references in the Core rules if you choose not to include XML support.
-      include XML support.  In future versions of ModSecurity XML support
+      In future versions of ModSecurity XML support will be required. For
-      will be required.  For these reasons, please consider XML support
+      these reasons, please consider XML support required.</para>
-      required.</para>
 
-      <para>You might experience problems
+      <para>You might experience problems compiling ModSecurity against PCRE.
-      compiling ModSecurity against PCRE. This is because Apache bundles PCRE
+      This is because Apache bundles PCRE but this library is also typically
-      but this library is also typically provided by the operating system. I
+      provided by the operating system. I would expect most (all)
-      would expect most (all) vendor-packaged Apache distributions to be
+      vendor-packaged Apache distributions to be configured to use an external
-      configured to use an external PCRE library (so this should not be a
+      PCRE library (so this should not be a problem).</para>
-      problem).</para>
 
       <para>You want to avoid Apache using the bundled PCRE library and
       ModSecurity linking against the one provided by the operating system.
@@ -389,11 +388,10 @@
       available only in the Apache source code) and change the include path
       for ModSecurity (as you did in step 7 above) to point to them.</para>
 
-      <para>If your Apache is using an external PCRE library you
+      <para>If your Apache is using an external PCRE library you can compile
-      can compile ModSecurity with <literal
+      ModSecurity with <literal moreinfo="none">WITH_PCRE_STUDY</literal>
-      moreinfo="none">WITH_PCRE_STUDY</literal> defined,which would possibly
+      defined,which would possibly give you a slight performance edge in
-      give you a slight performance edge in regular expression
+      regular expression processing.</para>
-      processing.</para>
     </note>
   </section>
 
@@ -1565,6 +1563,29 @@ ServerAlias www.app2.com
       directive is used with <literal>SecUploadKeepFiles</literal>.</para>
     </section>
 
+    <section>
+      <title><literal>SecUploadFileMode</literal></title>
+
+      <para><emphasis>Description:</emphasis> Configures the mode
+      (permissions) of any uploaded files using an octal number.</para>
+
+      <para><emphasis>Syntax:</emphasis> <literal
+      moreinfo="none">SecUploadFileMode octal_mode</literal></para>
+
+      <para><emphasis>Example Usage:</emphasis> <literal
+      moreinfo="none">SecUploadFileMode 0640</literal></para>
+
+      <para><emphasis>Processing Phase:</emphasis> N/A</para>
+
+      <para><emphasis>Scope:</emphasis> Any</para>
+
+      <para><emphasis>Dependencies/Notes:</emphasis> The mode is an octal
+      number (as used in chmod). The default mode is for only the account
+      writing the file to have read/write access (0600). Use this directive
+      with caution to avoid exposing potentially sensitive data to
+      unauthorized users.</para>
+    </section>
+
     <section>
       <title><literal>SecUploadKeepFiles</literal></title>
 
@@ -4440,4 +4461,4 @@ SecRule XML "<emphasis role="bold">@validateSchema /path/to/apache2/conf/xml.xsd
       </section>
     </section>
   </section>
-</article>
+</article>