Joe Orton wrote:
On Wed, Aug 03, 2005 at 09:41:43AM -0400, Daniel J Walsh wrote:
Joe Orton wrote:
Expected Results: I would expect the default policy to allow proxying and
Message is not explicit and I had to search a long time to understand....
Additional info:
We could allow apache to connect to apache ports by default, if that
would satisfy this.
No, when mod_proxy is used as a generic HTTP proxy (a not entirely
uncommon configuration) it needs to be able to connect to any remote
port on any remote address.
joe
Defaulting apache to can_network_connect_any=1 could allow a subverted
apache web server to be set up as a spammer, or a launch site for further
attacks. So I don't think this would be a good idea.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
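
Added example, not part of the original thread and not code from any poster: because the report above says the denial message was hard to interpret, this sketch tallies which outbound ports the httpd_t domain was denied from connecting to, which is what an administrator needs to weigh a narrow allowance against the blanket setting discussed. The log lines are constructed samples in the usual AVC denial layout, and the function name `httpd_connect_denials` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit records (not from the thread). Contexts are
# user:role:type with an optional :level suffix; both forms are handled.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1123076503.101:41): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_cache_port_t tclass=tcp_socket
type=AVC msg=audit(1123076511.245:42): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1123076512.007:43): avc:  denied  { read } for  pid=2230 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
type=AVC msg=audit(1123076530.880:44): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:http_cache_port_t tclass=tcp_socket
type=AVC msg=audit(1123076544.310:45): avc:  denied  { name_connect } for  pid=3000 comm="sshd" dest=443 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:http_port_t tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def httpd_connect_denials(log_text):
    """Count denied outbound TCP connects by httpd_t, keyed by (port, port type)."""
    denials = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or "name_connect" not in m.group("perms").split():
            continue  # not an AVC denial, or not an outbound connect
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        scontext = fields.get("scontext", "").split(":")
        tcontext = fields.get("tcontext", "").split(":")
        # The SELinux type is the third colon-separated field of a context.
        if len(scontext) < 3 or scontext[2] != "httpd_t":
            continue  # some other domain was denied
        dest = fields.get("dest", "")
        if fields.get("tclass") != "tcp_socket" or not dest.isdigit():
            continue
        port_type = tcontext[2] if len(tcontext) >= 3 else "unknown"
        denials[(int(dest), port_type)] += 1
    return denials


if __name__ == "__main__":
    for (port, port_type), count in sorted(httpd_connect_denials(SAMPLE_AUDIT_LOG).items()):
        print(f"httpd_t denied connect to tcp/{port} ({port_type}): {count}x")
```

A summary dominated by one or two proxy back-end ports suggests a narrow allowance is enough, while denials to ports such as 25 are the kind of traffic the last reply in the thread is worried about.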