How to get SELinux to prevent Apache/HTTPD from reading specific files [closed]
What am I missing with SELinux? I thought it was supposed to be another layer of security, but I built a web page vulnerable to command injection and it can basically traverse most of my file system.
I thought SELinux was supposed to block httpd from even reading arbitrary files. I'm specifically worried about an attacker reading the /etc/passwd file. I know Dan Walsh mentioned that (http://danwalsh.livejournal.com/56760.html?thread=335032).
Other than the regular Discretionary Access Controls, is there a way to block this through SELinux? Would I have to build my own policy? SELinux is in Enforcing mode.
This is a duplicate of https://ask.fedoraproject.org/en/question/57827/how-to-get-selinux-to-prevent-apachehttpd-from-reading-specific-files/. One issue, one question.