On Thu, 2007-02-08 at 16:31 +0000, Dan Track wrote: > On 2/8/07, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On Thu, 2007-02-08 at 16:09 +0000, Dan Track wrote: > > > I've tried to capture the process information that is triggiring these > > > alerts but so far I'm failing. Basically the web page is just a form > > > which you submit as soon as you press the submit button the whole > > > process is over in a second. > > > > Well, you could just wrap the script under strace or autrace or > > something similar. > > > > Question: What happens if you don't allow the getsession permission but > > just fix up the file permissions by running chcon as I suggested? Does > > the getsession denial actually prevent it from working? > > > > -- > > Hi > > I just ran the chcon command you gave and now the web page script > works fine. So it seems to have fixed the problem. But I'm still > intrigued by your investigation, and I'd like to continue it. > > Since this is a httpd process how would I run strace on any child > process that may appear? You could wrap your current script with a script that invokes it with strace -f -ff -o /tmp/webtrace <nameofrealscript>. Or, at a cost of tracing the entire apache process and all descendants, you could do: # /etc/init.d/httpd stop # strace -f -ff -o webtrace /usr/sbin/httpd Then you should see a webtrace.<pid> file for each process created by httpd with the trace information. In which you can grep for a call to getsid and see the pid that was passed to it (and possibly how it was obtained in the first place, from the preceding calls). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
