Chapter 4. Security

TUX is designed to have very strict security. This is possible because the assistant user-space daemons is used to handle the complex exceptions.

TUX only serves a file if

  1. The URL does not contain ?.

  2. The URL does not start with /.

  3. The URL points to a file that exists.

  4. The file is world-readable. [1]

  5. The file is not a directory. [1]

  6. The file is not executable. [1]

  7. The file does not have the sticky-bit set. [1]

  8. The URL does not contain any forbidden substrings such as .. [1]

Notes

[1]

Configurable through the sysctl parameters in /proc/sys/net/tux