Security in Web Application Execution Environments

Fukuoka Yurutto IT Meetup (福岡ゆるっとIT交流会) vol.9, "Let's Hear About Security"

2019/01/25

SAKURA internet Inc.
SAKURA internet Research Center

Senior Researcher Ryosuke Matsumoto / Matsumotory / @matsumotory

MATSUMOTO Ryosuke

January 25, 2019

Transcript

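  1. (slide 2) Ryosuke Matsumoto / Matsumotory / @matsumotory
     • Senior Researcher, SAKURA internet Research Center
     • Technical Advisor, Forkwell, Grooves Inc.
     • Visiting Researcher and Research Advisor, Pepabo Research and Development Institute
     • Lecturer, Security Camp
     • Committee member, IPSJ Special Interest Group on Internet and Operation Technology
     • Ph.D. in Informatics, Kyoto University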
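  2. (slide 8) Model (2): isolating processes with unshare() and similar calls
     • unshare(): isolates namespaces such as IPC, net, mount, pid and user
     • chroot(): changes the root directory
     • Isolation is weaker than with virtual machines, but hosting density per server is higher
     • Hosts can be isolated from the OS system area by file system and namespace
     • A rich, file-based library environment can be built inside the chroot environment
     • Allows per-host control, such as not deploying unnecessary commands or libraries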
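  3. (slide 9) Model (3): Java Servlet and Ruby on Rails
     • A separate JVM is prepared for each host
     • Corresponds to model (3), simple process separation by the application server
     • The method by Stein [1]
       • Based on method (3), starts processes with different user privileges
     • Scaling out to multiple servers is difficult, which is a remaining issue
     [1] L. Stein, “SBOX, put CGI scripts in a box,” USENIX Annual Technical Conference, General Track, pp.145–155, June 1999.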
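  4. (slide 12) Advantages and disadvantages of the virtual host model
     • The document root corresponding to the accessed host name is resolved dynamically
     • The number of processes does not depend on the number of virtual hosts, so it is efficient for high-density hosting
     • Deploying the data on shared storage makes load balancing across a group of web servers possible
       • Because data and configuration are not tied to a particular web server
     • Executing dynamic content requires various workarounds and becomes complex
       • Resource contention, guaranteeing security, performance at high density, and operational issues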
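  5. (slide 13) Summary of host isolation for high-density hosting
     • Separation at the virtual machine level
       • Not suited to hosting at high density; for cases where security is the priority
     • Separation at the process level
       • The number of processes grows with the number of hosts, so it is not suited to high density
     • Virtual separation of multiple hosts within a single group of server processes
       • Does not depend on the number of hosts, so it suits high density
       • Resource monopolization by one host monopolizes the resources of the server processes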
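  6. (slide 16) CGI execution model [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); fork(); CGI process; execve(); CGI process (php-cgi index.php); terminate process
     • Every request requires creating and destroying a process and an execve() of a relatively large interpreter binary (php-cgi in the case of PHP)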
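  7. (slide 18) Other characteristics of the dynamic content execution models
     • CGI execution model
       • Multiple versions of the interpreter can be run
     • DSO execution model
       • Performance is high, but a single web server basically cannot carry multiple versions of the interpreter
     • Regardless of the execution model, when no privilege separation feature is used, content runs as the same owner as the web server process, which is a security issue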
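  8. (slide 24) CGI execution model [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); fork(); CGI process; execve(); CGI process (php-cgi index.php); terminate process
     • Every request requires creating and destroying a process and an execve() of a relatively large binary (the php-cgi binary in the case of PHP)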
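  9. CGI + suEXEC [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); fork(); execve(); CGI process (owner: root), suexec-program (setuid-root); setuid(), setgid() based on the statically configured uid; CGI process (owner: user); execve(); CGI process (owner: user) running php-cgi index.php (owner: user); terminate process
     • A CGI process must be created and destroyed for every request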
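  10. (slide 27) Isolation by combining suEXEC and chroot
     • The method by Doersch et al. [1]
     • At suEXEC time, each host environment is isolated with the chroot() system call
     • Files outside the host's area cannot be viewed
     • Libraries and an execution environment still have to be prepared individually for each host
     • Fixed libraries shared by multiple execution environments can be referenced through hard links, which reduces the cost of building the environments and the disk space used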
  11. The method by Doersch et al. [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); fork(); execve(); CGI process (owner: root), suexec-program (setuid-root); setuid(), setgid() after chroot(); CGI process (owner: user); execve(); CGI process (owner: user) running php-cgi index.php (owner: user); terminate process; chroot Environment
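  12. (slide 33) PHP safe mode
     • mod_php, which uses the DSO execution model, used to have a feature called safe mode
     • An attempt to achieve privilege separation for the virtual host model [2]
     • A security mechanism specific to PHP, lacking generality
     • Solving the privilege separation problems of the OS and file system at the application layer was not architecturally realistic
     • Deprecated in PHP 5.3.0 and removed in PHP 5.4.0
     [2] http://php.net/manual/ja/features.safe-mode.php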
  13. mod_suid2 [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: root); setuid(), setgid(); Child httpd process (owner: user); parse and run index.php (owner: user); terminate process
     • A child httpd process must be created and destroyed for every request
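  14. (slide 46) Privilege separation in a process run by an ordinary user
     • mod_ruid2 by Nakamitsu et al. [6]
     • Instead of starting the server process as root, root's privileges are subdivided and a subset is granted to an ordinary user → Linux Capability
     • Granting CAP_SETUID and CAP_SETGID, which allow changing the owner, is sufficient
     [6] Hideo, N, mod-ruid2, https://github.com/mind04/mod-ruid2 (the official URL can no longer be found; mind04 appears to be continuing to provide it instead)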
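  15. (slide 47) Review of access control models
     • Discretionary access control (DAC)
       • The creator of a resource decides who can access it
       • The standard UNIX model
     • Mandatory access control (MAC)
       • Even the creator of a resource does not necessarily have full access to it
       • The administrator decides → SELinux, TOMOYO Linux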
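  16. (slide 48) Linux Capabilities
     • Available since Linux 2.2
     • An extension of the traditional two-level DAC privilege model
     • Groups of privileges that can be controlled per thread
     • A thread has three kinds of capability set
       • Permitted, Effective, Inheritable
     • The privileges granted by capabilities are controlled by the combination of the capability sets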
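  17. (slide 49) Permitted and Effective
     • Permitted means "allowed"
       • Capabilities in it can be set and unset in Effective
       • Once a capability is unset from Permitted, it cannot be restored
     • Effective means "in effect"
       • The actual permission check is made against Effective
       • As long as the capability is allowed in Permitted, it can be set again after being unset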
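  18. (slide 51) Implementation caveats and constraints
     • Even an ordinary user holding privileges loses them at execve()
       • However, when execve() is called with root privileges, the privileges are inherited
     • When privileges are set on the file itself, they are inherited at execve()
       • The privileges must be set on the file in advance
     • Is it impossible to run an arbitrary command as an arbitrary user while granting it privileges?
       • That requires execve() as an ordinary user, and privileges cannot be set on the file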
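  19. (slide 52) Ambient capabilities
     • A capability set added in Linux 4.3
     • The group of privileges passed on to child processes
     • Inherited across execve() even for an ordinary user without file capabilities
     • Simple, but extremely powerful depending on how it is used
     • Some container implementations deliberately unset ambient capabilities
       • To prevent privileges from the parent being unintentionally retained and escalated after execve()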
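  20. mod_ruid2 [diagram]
     • Diagram labels: Parent httpd process (owner: apache); Child httpd process (owner: apache); prctl (setuid/setgid caps); setuid(), setgid(); Child httpd process (owner: user); parse and run index.php (owner: user); setuid(), setgid(); Child httpd process (owner: apache)
     • No process creation and destruction needed per request???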
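  21. mod_ruid2 [diagram, continued]
     • Diagram labels: Parent httpd process (owner: apache); Child httpd process (owner: apache); prctl (setuid/setgid caps); setuid(), setgid(); Child httpd process (owner: user); parse and run index.php (owner: user); setuid(), setgid(); Child httpd process (owner: apache)
     • No process creation and destruction needed per request???
     • If service users can create the content, this becomes a vulnerability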
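  22. mod_ruid2 [diagram, continued]
     • Diagram labels: Parent httpd process (owner: apache); Child httpd process (owner: apache); prctl (setuid/setgid caps); setuid(), setgid(); unset caps; Child httpd process (owner: user); parse and run index.php (owner: user); Child httpd process (owner: apache)
     • The executing process holds the privilege to change its owner, so the owner can be changed through the content!!
     • ↓ The privileges have to be dropped before the content is executed. In other words, once the owner of the process has been changed it cannot return to the original owner, so the process must be destroyed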
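  23. (slide 58) The system call hooking method by Hara et al. [7]
     • A method that lets the web server change privileges reversibly while preventing the executed content program from changing them
       • The system calls executed by programs are identified in advance, and during content execution those system calls are hooked to disable privilege-changing operations
     • Hooking system calls properly on Linux requires modifying the kernel directly
     • Portability is low in environments where the kernel and libraries are changed continually
     [7] Daisuke Hara, Yasuichi Nakayama, “Hussa: a scalable and secure server architecture, a low-cost mechanism for changing the execution privileges of server processes,” Proceedings of the 8th Forum on Information Technology (FIT 2009), RB-002, 2009.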
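  24. (slide 62) Per-thread access control by Matsumoto et al. [8]
     • An access control architecture that keeps the performance of the DSO model
     • Before executing dynamic content, a control thread is created that is granted only the privilege to change its owner
     • The content is processed on the thread whose owner has been changed
     • After the content has executed, only the thread is destroyed
     • The overhead of privilege separation is reduced to the level of creating and destroying a thread
     [8] Ryosuke Matsumoto, Yasuo Okabe, “An access control architecture for web servers that separates privileges per thread,” IEICE Transactions (Japanese edition) Vol.J96-B, No.10, pp.1122-1130, Oct 2013.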
  25. The access control architecture by Matsumoto et al. (DSO) [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); prctl (setuid/setgid caps); create thread; thread (owner: apache); set caps; setuid(), setgid(); unset caps; thread (owner: user); parse and run index.php (owner: user); destroy thread
  26. The access control architecture by Matsumoto et al. (DSO, with chroot) [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); prctl (setuid/setgid caps); create thread; thread (owner: apache); set caps; setuid(), setgid(); unset caps; thread (owner: user); parse and run index.php (owner: user); destroy thread; chroot Environment
  27. The access control architecture by Matsumoto et al. (CGI) [diagram]
     • Diagram labels: Parent httpd process (owner: root); Child httpd process (owner: apache); prctl (setuid/setgid caps); create thread; thread (owner: apache); set caps; setuid(), setgid(); unset caps; thread (owner: user); fork(); CGI process (owner: user); execve(); CGI process (owner: user) running php-cgi index.php (owner: user); terminate process; destroy thread
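  28. (slide 71) Access control performance comparison for the DSO execution model [graph]
     • Responses per second were measured while increasing the number of requests per second
     • Access control using mod_ruid2 (green) delivers almost no performance
     • The access control by Matsumoto et al. (red) shows almost no overhead even compared with no access control
     • Legend: blue: no access control; red: access control by Matsumoto et al.; green: access control with mod_ruid2 and similar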
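  29. (slide 74) Reference: comparing the number of system calls
     • An access to phpinfo() was analyzed with strace
       • CGI + suEXEC: 3377 calls
       • mod_php + mod_process_security: 155 calls
     • The system calls that make up the overhead
       • clone(), open(), close(), execve() and others related to suEXEC
     ※ strace -cfp PID
     ※ cat cgi.log | grep -v epoll_wait | grep -v futex | perl -ane '… print $_ if …'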
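  30. (slide 75) Reference: CPU usage before and after deployment [graph]
     • Daily access count on both servers: about …0,000 (約…万)
     • Panels: CGI + suEXEC; DSO + mod_process_security
     • Legend: ■ system ■ user ■ idle
     ref: Ryosuke Matsumoto, “Latest trends in web server hosting technology that satisfies security and performance requirements at the same time,” https://speakerdeck.com/matsumoto_r/virtualhosting-security-performance-operasion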
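  31. (slide 78) The TOCTOU problem in link checking
     • Time-of-check to time-of-use race condition
     • UNIX cannot perform the following atomically
       • Checking whether a file is a link, or whether the path to the file contains a link, and then calling open() on the file after that check
     • A serious problem in hosting where web content can be placed freely
     • In multi-process server software, depending on timing, the file can be swapped for a different file after the link check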
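  32. Possibility of a race condition [diagram]
     • Web server process worker A: check whether the file is a link (OK); check whether the file's path contains a link (OK); open() the file and generate the response
     • Web server process worker B: replace the file with a link
     • After the link check, the file may be replaced with another host's file, which can then be read by a third party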
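  33. (slide 81) mod_fileownercheck [9]
     • Solvable under hosting requirements
     • In the worst case, it is acceptable not to detect links to files of the same owner
     • What must be detected is whether a link points to another host, that is, to a file of another owner
     • Check the owner from the fd after the file has been open()ed
       • Compare the owner configured for that virtual host with the ownership of the open()ed file
     [9] Ryosuke Matsumoto, https://github.com/matsumotory/mod_fileownercheck.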
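
The open()-then-check-the-fd owner comparison from slides 78 to 81, as an added C example (not code from mod_fileownercheck or from the slides). The names `open_owned_by` and `vhost_uid` and the temporary paths are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only and return the fd only if the object actually opened is
 * a regular file owned by vhost_uid (assumed name: the owner configured for
 * the virtual host). Otherwise return -1 with errno set (EACCES on mismatch).
 * fstat() inspects the descriptor, not the path, so a link swapped in after
 * any earlier path check cannot change what is being verified. */
int open_owned_by(const char *path, uid_t vhost_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != vhost_uid) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}

/* Constructed demo. Bit 0: own file opened directly; bit 1: same-owner symlink
 * accepted; bit 2: symlink accepted for a vhost with a different owner. */
int demo(void)
{
    char dir[] = "/tmp/ownerchk.XXXXXX", file[64], lnk[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, sizeof file, "%s/index.html", dir);
    snprintf(lnk, sizeof lnk, "%s/link.html", dir);
    fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || fstat(fd, &st) != 0 || symlink(file, lnk) != 0)
        return -1;
    close(fd);
    if ((fd = open_owned_by(file, st.st_uid)) >= 0) { result |= 1; close(fd); }
    if ((fd = open_owned_by(lnk, st.st_uid)) >= 0) { result |= 2; close(fd); }
    if ((fd = open_owned_by(lnk, st.st_uid + 1)) >= 0) { result |= 4; close(fd); }
    unlink(lnk); unlink(file); rmdir(dir);
    return result;
}

int main(void) { return demo() == 3 ? 0 : 1; }
```

The same-owner symlink is accepted on purpose, matching the slide's point that only links to another owner's files need to be caught.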