On Tue, Jan 14, 2025 at 5:51 PM justina colmena ~biz via selinux <selinux@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tuesday, January 14, 2025 1:55:36 PM Pacific Standard Time David Sastre
> Medina via selinux wrote:
> > There is no need for that. This is supposed to be, amongst many other
> > things, a learning experience for everyone.
>
> Thank you all. People are busy at work. My only remaining problem that I am
> aware of with SELinux is well documented
>
> * https://phabricator.wikimedia.org/T250763
>
> The GeSHi syntaxhighlight extension on MediaWiki does not work in hardened
> installations. That is not to mention SELinux specifically. I can't find
> anything in the audit logs on it either, but the kinds of permissions that are
> asked for there are definite security concerns on a web server, exactly what
> SELinux is designed to lock down.

T250763 was a Crypto++ bug report. I filed it. It concerned MediaWiki and hardening of PHP, and not SELinux.

I believe the fix for T250763 is to provide an implementation of syntax highlighting in PHP, and not shell out to external programs.

Web developers have their own views on security. Web folks are trusting and promiscuous, and there is an impedance mismatch between projects like SELinux (and old folks like C programmers).

Jeff