Re: A cgi issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/16/2013 10:11 AM, m.roth@xxxxxxxxx wrote:
> Before I create a local policy, could someone explain to me the reason that
> the standard policy (CentOS 6.4, 
> selinux-policy-3.7.19-195.el6_4.12.noarch, 
> selinux-policy-targeted-3.7.19-195.el6_4.12.noarch) does not allow a .cgi 
> script to read a configuration file?
> 
> grep ticket2 /var/log/audit/audit.log | audit2allow
> 
> #============= httpd_sys_script_t ============== allow httpd_sys_script_t
> httpd_config_t:file { read ioctl open getattr };
> 
> mark
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
Probably because no one has asked.  I guess you could argue their could be
private data in these files and we would not want to allow cgi scripts to read
it?  Potentially secrets.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHlXtQACgkQrlYvE4MpobOocwCeLZcAfMkbYdFcCZYG1TCClcb2
fy8AniyDj2psX5YZLPRYcHrmFYvMYcBJ
=ryJK
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux