Apache Shell Attack Domain Transition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Greetz,

So we asked a question on another list about how to avoid storing credentials

to a DB in files for said Apache server.

It was found then a great solution from PHP Cookbook suggesting

to use an "Include" file readable only by root with credentials and Apache then reads on

startand stores credentials as variables.

I would like to know if SELinux can block this attack?

For example, an attacker gets a reverse shell as apache:apache user

and they try to connect to DB.

What domain would they be in at time of shell (httpd_t)?

Would the DB be confined to some other domain?

Could they try and connect to DB after having read credentials from unsecured config file?

Is there a domain transition.

Thank you.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux