On Mon, Aug 08, 2005 at 04:40:42PM +0100, Joe Orton wrote: > On Fri, Aug 05, 2005 at 02:49:37PM -0400, Daniel J Walsh wrote: > > Joe Orton wrote: > > >No, when mod_proxy is used as a generic HTTP proxy (a not entirely > > >uncommon configuration) it needs to be able to connect to any remote > > >port on any remote address. > > > > > > > > Defaulting apache to can_network_connect_any=1 could allow a subverted > > apache web server to be setup as a spammer, or a launch site for further > > attacks. So I don't think this would be a good idea. > > Currently the following is known to be broken in the default > configuration: Another one, https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165592 4) web applications which connect to remote LDAP databases, and similarly, I guess, the Apache LDAP-based authentication module, if configured to use remote LDAP databases. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
