On Thu, Oct 21, 2004 at 12:36:35PM -0400, Colin Walters wrote:
> On Thu, 2004-10-21 at 15:22 +0900, Makoto Otsu wrote:
> > Apache configtest not work
> >
> > The following commands display nothing.
> >
> > # service httpd configtest
> >
> > or
> >
> > # httpd -t
>
> Right - this is a consequence of the SELinux policy for Apache. We do
> not want the httpd process to have access to your terminal. If it did,
> a compromised or buggy httpd process could do very bad things.
>
> The fix is to break the config-testing bit into its own binary. We
> could have a wrapper around /usr/sbin/httpd which would parse arguments,
> and exec /usr/sbin/httpd-configtest if the -t option is passed,
> otherwise we exec /usr/sbin/httpd.real.

Oh, this is still so insane! Do you want two copies of libphp4.so, one
which contains just the "config testing" code too, or what? Because
testing the config file involves *interpreting* the config file.

If the problem is to inhibit terminal access can't we just run it under
some "tee" like binary from the init script, so at least that works?

joe