Re: ftp upload, was Re: vsftpd and ~/public_html

gnu not unix wrote:

[y4kk0@X ~]$ ls -Zd public_html/
drwxrwxrwx y4kk0 users system_u:object_r:httpd_user_content_t public_html/
[y4kk0@X ~]$

selinux-policy-targeted-1.25.4-10
system: Fedora Core 4

Maybe default policy should allow ftp server to enter this directory so users would be able to upload their WWW stuff via ftp?

Sounds reasonable, I will add it.

Ouch, this seems like opening up an attack vector to me.
Shouldn't ftp *upload* be to a write-only "holding cell" at least?
../Steven

This is only for ftp being allowed to modify users' homedirs. If the user sets boolean ftp_home_dir then the user can modify and read most contents of the user's home dir. This just adds public_html. If you want to protect the user's home dir from ftp, I would not turn on that boolean. Without this change a hacker could put something in the .bashrc or other startup files and next time the real user logs in it would manipulate the public_html directory.



--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
