[CentOS] Apache not liking directories outside of /var/www
Kenneth Porter
shiva at sewingwitch.comFri Jul 31 17:50:47 UTC 2009
- Previous message: [CentOS] Apache not liking directories outside of /var/www
- Next message: [CentOS] Apache not liking directories outside of /var/www
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--On Friday, July 31, 2009 2:07 PM -0400 Boris Epstein <borepstein at gmail.com> wrote: > I am running mod_security and also if the intruder gets to the shell > level they will be able to bypass the SELinux entirely. How? The selinux commands require root access. First you'd have to get a root escalation exploit to promote from user apache to root, and then disable selinux. The exploit in the linked article is stopped because it can't run the escalation program which was downloaded to /tmp. > I believe in security too but security should not be crippling. Do you also disable iptables, because a firewall is too complicated to configure just to run an IP service? SELinux is just another kind of firewall, but one between user/process/resource triplets. As with a good network firewall, it denies all by default and one selectively allows the triplets that make sense for one's application.
- Previous message: [CentOS] Apache not liking directories outside of /var/www
- Next message: [CentOS] Apache not liking directories outside of /var/www
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list