On Oct 3, 2011, at 12:39 PM, Dominick Grift wrote:

> On Mon, 2011-10-03 at 12:29 -0400, Scott Gifford wrote:
>> PHP uploads files into a temporary directory, where they are given the
>> label "httpd_tmp_t". When a PHP script processes them, it
>> calls move_uploaded_file to move the newly uploaded file into its
>> final location. This function does some validity checks, then does a
>> rename(2) from the temporary location to the location passed to
>> move_uploaded_file.
>
> Your web app would need to copy the file instead.
>
> Or why not make your app create the file in the final destination in the
> first place, then rename it there.
>
>> The problem is that after the rename, the file still retains its
>> original label, "httpd_tmp_t". That makes it inconsistent with files
>> and directories which weren't uploaded, and requires some policy
>> gymnastics to take into account that anything that could have been
>> uploaded might have the "httpd_tmp_t" type.
>
>> I am wondering if there is some good way to automatically relabel this
>> file when it is renamed?
>>
>> I would like for the PHP application to work on SELinux and
>> non-SELinux systems, so I would prefer not to make calls out to
>> SELinux-specific scripts and programs (like restorecon). What I would
>> really like is some configuration option that would just relabel files
>> according to their destination when they are rename(2)'d, but that may
>> be asking too much. :-)
>
> That is not practical because whatever moves the file might not be
> allowed to relabelto the target location type.
>
> So I do not think that this is feasible.
>
>>
>> Thanks for any advice,
>>
>>
>> -----Scott.
>>

Hi,

I think it's one of those cases where if a person asks how to shoot himself, he shouldn't be provided any recipes :)

I understand where this requirement is coming from. Many current web engines nowadays allow you to install "extensions" or "plugins" via a web interface.

This is convenient, but absolutely insecure. Think about it: you are trying to allow the application to do self code modifications, the very thing that SELinux should help you to prevent. A bug in wordpress/phpbb/cms made simple/whatever together with this SELinux backdoor would allow installation of malicious code on your server. I bet you have GRANT ALL PRIVILEGES ON database.* to webuser, and you will wake up with no website, for example, or stolen sensitive data.

Convenience and security most times contradict each other.

Install your php code manually.

Vadym

-- 
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
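For readers who have the data-upload case Scott describes (user files, not PHP code) and want the stored file to carry the destination directory's label on both SELinux and non-SELinux hosts, the following illustrates Dominick's suggestion of copying instead of renaming. It is an added example and not code from anyone in the thread; the form field name, the destination directory and its expected context (for instance httpd_sys_rw_content_t) are assumptions. Because copy() creates a new inode in the destination directory, the kernel labels it according to policy for that directory, whereas rename(2) moves the existing inode and keeps httpd_tmp_t.

```php
<?php
// Added example (not from the thread): store an upload by copying rather than renaming.
// Assumptions: $field is the form field name; $destDir is a directory whose SELinux
// context (e.g. httpd_sys_rw_content_t) is what the stored file should inherit.
function store_upload(string $field, string $destDir, string $destName): bool
{
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    $tmp = $_FILES[$field]['tmp_name'];

    // The same check move_uploaded_file() performs: refuse anything PHP did not upload itself.
    if (!is_uploaded_file($tmp)) {
        return false;
    }

    // Keep the stored name under the application's control; never trust the client's filename.
    $dest = rtrim($destDir, '/') . '/' . basename($destName);
    if (file_exists($dest)) {
        return false;
    }

    // copy() creates a fresh inode in $destDir, so it receives the label policy derives
    // from the directory. A rename() would carry the httpd_tmp_t label along with the inode.
    if (!copy($tmp, $dest)) {
        return false;
    }

    // Drop the temporary copy; PHP would otherwise remove it at request end anyway.
    unlink($tmp);
    return true;
}

// Usage (constructed): store_upload('upload', '/var/www/app/uploads', 'report.pdf');
```

On a non-SELinux system the function behaves like move_uploaded_file() apart from the extra copy; on an SELinux system it avoids the policy gymnastics Scott mentions, since stored files never carry httpd_tmp_t. It does not address Vadym's point about self-modifying web applications: if the destination is a directory from which PHP code is executed, the labeling question is secondary to the fact that the web server should not be able to write there at all.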