How to get SELinux to prevent Apache/HTTPD from reading specific files [closed]

asked 2014-11-13 01:52:50 -0500

Sterling Fitzgerald

What am I missing with SELinux? I thought it was supposed to be another layer of security, but I built a web page vulnerable to command injection and it can basically traverse most of my file system.

I thought SELinux was supposed to block httpd from even reading arbitrary files. I'm specifically worried about an attacker reading the /etc/passwd file. I know Dan Walsh mentioned that (http://danwalsh.livejournal.com/56760.html?thread=335032).

Other than the regular Discretionary Access Controls, is there a way to block this through SELinux? Would I have to build my own policy? SELinux is in Enforcing mode.


Closed for the following reason: duplicate question, by sideburns
Close date: 2014-11-13 02:20:38.507342

Comments