On Monday 25 April 2005 18:24, Holger Burde <hburde(a)t-online.de> wrote:
> I run a FC3 System with the rawhide strict Policy. I have a cron script
> (apache) that needs to read/write files under /var/www/
> { httpd_sys_content_t }. Any idea what's the best (= secure) way to do
> so? audit2allow suggests this: allow system_crond_t
> httpd_sys_content_t:file write; - maybe there is a better solution?

Cron jobs that deal with data from the net are a risk. Potentially, if an
attacker controlled the remote data source, they could make repeated attempts
at manipulating the data to exploit your machine without you realising.
Having a separate domain for the cron job may be best. But this would require
writing more policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
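
The trade-off discussed in this thread, as an added example that is not part of the original messages: a simplified Python version of the step audit2allow performs (AVC denial to allow rule), which also marks rules whose source is a domain shared by many programs, so that granting them widens access for every job in that domain. The log lines, the `SHARED_DOMAINS` list and the dedicated domain `webcron_t` are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumption: domains that many unrelated programs run in. A rule granted to
# one of these applies to every program in the domain, not just one cron script.
SHARED_DOMAINS = {"system_crond_t", "initrc_t", "unconfined_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Constructed sample denials (not taken from the thread). webcron_t is a
# hypothetical dedicated domain for the cron script.
_FMT = ('audit(1114446240.101:0): avc:  denied  {{ {perm} }} for  pid=4211 '
        'comm="update.sh" scontext=system_u:system_r:{src} '
        'tcontext=system_u:object_r:httpd_sys_content_t tclass={cls}')
SAMPLE_LOG = [
    _FMT.format(perm="write", src="system_crond_t", cls="file"),
    _FMT.format(perm="read", src="system_crond_t", cls="file"),
    _FMT.format(perm="add_name", src="system_crond_t", cls="dir"),
    'crond[4210]: (apache) CMD (/usr/local/bin/update.sh)',  # not an AVC line
    _FMT.format(perm="write", src="webcron_t", cls="file"),
]

def selinux_type(context):
    """Return the type field of a user:role:type[:range] security context."""
    return context.split(":")[2]

def rules_from_denials(lines):
    """Merge denials into {(source_type, target_type, class): {permissions}}."""
    rules = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            rules[key].update(m["perms"].split())
    return rules

def review(rules):
    """Return (allow_rule_text, source_is_shared_domain) pairs, sorted."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append((f"allow {src} {tgt}:{cls} {perm_text};", src in SHARED_DOMAINS))
    return out

if __name__ == "__main__":
    for rule, shared in review(rules_from_denials(SAMPLE_LOG)):
        print(("REVIEW " if shared else "ok     ") + rule)
```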