Re: DAV

On Thu, Oct 07, 2004 at 12:51:36PM -0400, Alan Cox wrote:
> On Thu, Oct 07, 2004 at 05:41:38PM +0100, Joe Orton wrote:
> > > Your apache needs to have setfsuid rights, that is all
> > 
> > Are you talking about capabilities or SELinux policy there?  Does the
> > capability bit not then allow children to setfsuid(0) and write files as
> > root?
> 
> You have control over how it's inherited depending on whether you admit to
> being capability aware or not. In the sane case you'd turn it off when 
> execing just as you make sure files all get closed.

It's not CGI scripts which is the issue, the issue is whether or not an
OpenSSL buffer overflow gives you remote root or just the privileges of
the "apache" user as it currently does.

joe
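
An added example, not part of the original thread or of Apache's code: a small audit check for the two concerns raised above, namely whether a daemon's setfsuid right is usable by any code running inside the process and whether it is marked inheritable across exec. It assumes "setfsuid rights" means the Linux CAP_SETUID capability (bit 7) and reads the `CapInh`/`CapPrm`/`CapEff` lines of `/proc/<pid>/status`; the sample excerpts and the `setuid_exposure` helper are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETUID_BIT 7        /* CAP_SETUID in <linux/capability.h> */
#define RISK_IN_PROCESS  1      /* code running in this process can change (fs)uid */
#define RISK_INHERITABLE 2      /* capability is a candidate to survive execve() */

/* Constructed /proc/<pid>/status excerpts (not captured from a real system). */
static const char SAMPLE_WITH_CAP[] =
    "Name:\thttpd\nUid:\t48\t48\t48\t48\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000080\nCapEff:\t0000000000000080\n";
static const char SAMPLE_LEAKY[] =
    "Name:\thttpd\nCapInh:\t0000000000000080\nCapPrm:\t0000000000000080\nCapEff:\t0000000000000000\n";
static const char SAMPLE_PLAIN[] =
    "Name:\thttpd\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Find "<field>:\t<hex>" at the start of a line; 0 on success, -1 if absent. */
static int cap_mask(const char *status, const char *field, unsigned long long *out)
{
    size_t n = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            *out = strtoull(p + n + 1, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Returns RISK_* flags for CAP_SETUID, or -1 if a Cap* line is missing. */
int setuid_exposure(const char *status)
{
    unsigned long long inh, prm, eff, bit = 1ULL << CAP_SETUID_BIT;
    if (cap_mask(status, "CapInh", &inh) || cap_mask(status, "CapPrm", &prm) ||
        cap_mask(status, "CapEff", &eff))
        return -1;
    /* A permitted capability can be raised into the effective set at will. */
    return (((prm | eff) & bit) ? RISK_IN_PROCESS : 0) | ((inh & bit) ? RISK_INHERITABLE : 0);
}

int main(void)
{
    printf("with cap: %d\nleaky: %d\nplain: %d\n", setuid_exposure(SAMPLE_WITH_CAP),
           setuid_exposure(SAMPLE_LEAKY), setuid_exposure(SAMPLE_PLAIN));
    return 0;
}
```

A result with `RISK_IN_PROCESS` set and `RISK_INHERITABLE` clear corresponds to the case debated in the thread: the capability is not handed to exec'd children, but it remains available to whatever code executes inside the daemon itself.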

