From: Tom <tom@lemuria.org>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: Re: policy question
Date: Thu, 18 Apr 2002 14:25:18 +0200 [thread overview]
Message-ID: <20020418142518.A5613@lemuria.org> (raw)
In-Reply-To: <20020418104424.B714A44C1C@lyta.coker.com.au>; from russell@coker.com.au on Thu, Apr 18, 2002 at 12:44:24PM +0200
On Thu, Apr 18, 2002 at 12:44:24PM +0200, Russell Coker wrote:
> > Scenario: Webhosting with PHP, multiple users (possibly many)
> > Danger: PHP runs as a module, i.e. with apache's user and permissions.
>
> Here's the problem, not just for SE Linux but also for regular Unix
> permissions models and every other security system I know of.
Absolutely. The problem is that you have a unified frontend with
diversification at the backend. This is the same issue you have for
ssh, except that ssh (and other remote login tools) have a method for
changing to a specific user, based on user/password data.
> Trying to give access to only code from a certain shared object inside a
> program is never going to work. Anything Apache can do to get access, some
> malicious code can also potentially do.
That is not what I want to do. I want to regulate access to certain
FILES. I don't care about apache itself at this point. The scenario I
want to avoid is this:
/var/www/user1/script.php
/var/www/user2/script.php
where user2's script contains something like:
<? $f=fopen("../user1/script.php"); read($f); ?>
--
http://web.lemuria.org/pubkey.html
pub 1024D/D88D35A6 2001-11-14 Tom Vogt <tom@lemuria.org>
Key fingerprint = 276B B7BB E4D8 FCCE DB8F F965 310B 811A D88D 35A6
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2002-04-18 12:24 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-04-18 9:22 policy question Tom
2002-04-18 10:44 ` Russell Coker
2002-04-18 12:25 ` Tom [this message]
2002-04-18 14:51 ` Russell Coker
2002-04-18 15:15 ` Tom
2002-04-18 15:32 ` Stephen Smalley
2002-04-18 16:21 ` Tom
2002-04-18 18:28 ` Russell Coker
2002-04-18 20:40 ` Tom
2002-04-18 21:47 ` Russell Coker
2002-04-19 6:30 ` Tom
2002-04-18 16:08 ` Russell Coker
2002-04-18 16:32 ` Tom
2002-04-18 18:47 ` Russell Coker
2002-04-18 20:49 ` Tom
2002-04-18 21:44 ` Russell Coker
2002-04-19 6:14 ` Tom
2002-04-19 9:10 ` Russell Coker
2002-04-19 12:27 ` Tom
2002-04-19 15:02 ` Stephen Smalley
2002-04-18 15:22 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2002-05-02 10:11 Policy question Reino Wallin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020418142518.A5613@lemuria.org \
--to=tom@lemuria.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.