/proc {getattr} failures

Daniel J Walsh dwalsh at redhat.com
Wed May 25 00:35:22 UTC 2005


Valdis.Kletnieks at vt.edu wrote:

>On Tue, 24 May 2005 10:47:12 EDT, Stephen Smalley said:
>
>>On Sun, 2005-05-22 at 21:53 -0400, Valdis.Kletnieks at vt.edu wrote:
>>
>>>Am I the only one here who thinks that this is really something that can't
>>>be supported in the context of the 'targeted' policy, and would be much
>>>easier to do in 'strict'?
>>>
>>It shouldn't be done at all, other than to dontaudit these attempts.  No
>>legitimate reason for a CGI script to be probing init's /proc/pid files.
>>
>I've always been leery of using dontaudit to shut things up - it means that there's
>a possibility that we miss the early warning signs of an actual attack.
>
>I wonder if the cgi script is just doing something like 'ps ax|grep mydaemon'
>to see if a daemon is running...

kill5 and pidof can also cause these to happen.
