From: Tom <tom@lemuria.org>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: Re: policy question
Date: Thu, 18 Apr 2002 17:15:32 +0200 [thread overview]
Message-ID: <20020418171532.B6551@lemuria.org> (raw)
In-Reply-To: <20020418145101.D31F444CB8@lyta.coker.com.au>; from russell@coker.com.au on Thu, Apr 18, 2002 at 04:51:01PM +0200
On Thu, Apr 18, 2002 at 04:51:01PM +0200, Russell Coker wrote:
> > Absolutely. The problem is that you have a unified frontend with
> > diversification at the backend. This is the same issue you have for
> > ssh, except that ssh (and other remote login tools) have a method for
> > changing to a specific user, based on user/password data.
>
> Ssh solves it by forking a new process and changing UID BEFORE doing any work.
Right. I want to do the same thing, but not with UIDs, but with
domains.
> > where user2's script contains something like:
> > <? $f=fopen("../user1/script.php"); read($f); ?>
>
> What you could do is to have a unix domain socket named /var/www/socket/user1
> which the Apache process creates and then forks off a child process to run
> all PHP code for user1 under the UID of that user, and then pass back the
> data to Apache through the socket for retransmission to the client.
That requires changes in the apache code, which is bug-prone and will
probably be lost with the next upgrade. I want to put the policy
enforcement into the kernel/security server, where it belongs.
In essence, it boils down to: "a script (php, cgi, whatever) that
belongs to user X can only access files of user X"
The sole problem being that the scripts aren't executed in the
unix-sense of execution, but by being loaded and interpreted by the
apache process.
--
http://web.lemuria.org/pubkey.html
pub 1024D/D88D35A6 2001-11-14 Tom Vogt <tom@lemuria.org>
Key fingerprint = 276B B7BB E4D8 FCCE DB8F F965 310B 811A D88D 35A6
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2002-04-18 15:14 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-04-18 9:22 policy question Tom
2002-04-18 10:44 ` Russell Coker
2002-04-18 12:25 ` Tom
2002-04-18 14:51 ` Russell Coker
2002-04-18 15:15 ` Tom [this message]
2002-04-18 15:32 ` Stephen Smalley
2002-04-18 16:21 ` Tom
2002-04-18 18:28 ` Russell Coker
2002-04-18 20:40 ` Tom
2002-04-18 21:47 ` Russell Coker
2002-04-19 6:30 ` Tom
2002-04-18 16:08 ` Russell Coker
2002-04-18 16:32 ` Tom
2002-04-18 18:47 ` Russell Coker
2002-04-18 20:49 ` Tom
2002-04-18 21:44 ` Russell Coker
2002-04-19 6:14 ` Tom
2002-04-19 9:10 ` Russell Coker
2002-04-19 12:27 ` Tom
2002-04-19 15:02 ` Stephen Smalley
2002-04-18 15:22 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2002-05-02 10:11 Policy question Reino Wallin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020418171532.B6551@lemuria.org \
--to=tom@lemuria.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.