Re: CGI script calling sudo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 17, 2006 at 09:05:00PM +0200, Jochen Wiedmann wrote:
> Hi,
> I have a CGI script with the following permissions:
>    -rwxr-xr-x  root     root
> root:object_r:httpd_unconfined_script_exec_t  mpver.cgi
> This script is internally invoking "sudo". Sudo itself is a wrapper for
>    -rwxr-xr-x  root     root     system_u:object_r:shell_exec_t
> /usr/sbin/sesh
> This invocation fails, however:
>    Jul 17 20:51:35 fibudbserver kernel: audit(1153162295.966:6): avc:
>    denied  { transition } for  pid=20441 comm="sudo" name="sesh"
>    dev=sda1 ino=235570 scontext=user_u:system_r:httpd_unconfined_script_t
>    tcontext=root:system_r:unconfined_t tclass=process
> What do I need to change?

Can you accomplish your task in some other way? This seems horribly
dangerous.

-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux