On Thu, 2004-10-07 at 10:30 -0500, Chris Adams wrote:
> We sell web hosting, and believe me, customers will upload their files
> to just about anywhere on the server they have write access (and they'll
> try other places without knowing why). Shared web hosting is a perfect
> environment for SELinux, but this would be a killer. Explaining that
> their CGIs have to have execute permission is hard enough.

I think that explaining what your users need to do for SELinux in this case is quite similar to explaining execute permissions. CGI scripts, for example, in the default Apache policy need to be httpd_user_script_exec_t. CGI script data needs to be httpd_user_script_ro_t or httpd_user_script_rw_t. There's no way for SELinux to automatically guess what data you want writable by the CGI and what you don't. You simply need to have users be aware of chcon -t if you want the additional security.

Although:

> Also, as someone else mentioned, people do intentionally upload things
> in one place (out of the web directory) and then move them into place
> after the upload is complete. This is especially common when uploading
> a whole new version of a site.

There could be higher-level tools built here that would automatically set corresponding types when a new site is uploaded. You'd have your users upload their website into a "staging" area, and then a cron job would move it into place atomically and relabel it as necessary.

I think it'd also be very useful to have tools that parsed the SELinux audit logs and warned an administrator if a user's web site seemed not to be set up correctly; you could even have it automatically relabel there too, but there are tradeoffs.
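The "staging area plus cron job" deploy sketched in the reply above, written out as an added example; it is not code from the original mail, from Fedora, or from any SELinux tool. It assumes a layout that the mail does not specify: CGIs live under cgi-bin/, a directory named data/ is the only tree the CGIs may write to, and everything else is read-only script data. The three types are the ones the mail names (httpd_user_script_exec_t, httpd_user_script_rw_t, httpd_user_script_ro_t); check them against the policy actually installed on your host before using this, since the Apache policy has been reorganised since 2004. The labelling command is taken from the CHCON variable so the script can be exercised on a machine without SELinux by pointing CHCON at a logging stub.

```sh
#!/bin/sh
# Added example (not from the original mail): copy a user's staging tree into
# a sibling temp directory, relabel it there, then swap it into place with a
# single rename so the live docroot is never half-copied or half-labelled.
#
# Assumed site layout (hypothetical, chosen for this example):
#   cgi-bin/   CGI scripts            -> httpd_user_script_exec_t
#   data/      files CGIs may write   -> httpd_user_script_rw_t
#   anything else, read-only content  -> httpd_user_script_ro_t
set -eu

# Map a path relative to the site root to the SELinux type it should carry.
site_label() {
    case "$1" in
        cgi-bin|cgi-bin/*) echo httpd_user_script_exec_t ;;
        data|data/*)       echo httpd_user_script_rw_t ;;
        *)                 echo httpd_user_script_ro_t ;;
    esac
}

# Label every entry below $1 using site_label on its relative path.
# CHCON defaults to chcon(1); tests can set it to a stub on non-SELinux hosts.
relabel_tree() {
    root=$1
    find "$root" | while read -r p; do
        [ "$p" = "$root" ] && continue
        rel=${p#"$root"/}
        ${CHCON:-chcon} -t "$(site_label "$rel")" "$p"
    done
}

# deploy_site STAGING LIVE
# cp creates fresh inodes (which get default labels), so relabel the copy
# before it is visible; mv on the same filesystem is a rename(2), which is
# atomic and keeps whatever labels the files already have.
deploy_site() {
    staging=$1
    live=$2
    old=
    new=$(mktemp -d "$(dirname "$live")/.deploy.XXXXXX")
    cp -pR "$staging/." "$new/"
    relabel_tree "$new"
    if [ -d "$live" ]; then
        old="$live.old.$$"
        mv "$live" "$old"
    fi
    mv "$new" "$live"
    if [ -n "$old" ]; then
        rm -rf "$old"
    fi
}

# Typical cron invocation for one hosting customer (paths are assumptions):
#   deploy_site /home/alice/staging /home/alice/public_html
```

One caveat a practitioner will hit: labels set with chcon are not recorded in the policy's file-context database, so a later restorecon or a full relabel will reset them. If this is meant to survive relabels, the same rules also need to be registered with semanage fcontext so that restorecon reproduces them; the script above only handles the per-deploy labelling.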