jorton at redhat.com
Wed Oct 27 14:30:36 UTC 2004
On Mon, Oct 25, 2004 at 09:49:35AM -0400, Colin Walters wrote:
> On Mon, 2004-10-25 at 10:20 +0100, Joe Orton wrote:
> > On Sun, Oct 24, 2004 at 09:55:53PM -0400, Colin Walters wrote:
> > > On Sun, 2004-10-24 at 12:19 +0100, Joe Orton wrote:
> > >
> > > > Oh, this is still so insane! Do you want two copies of libphp4.so, one
> > > > which contains just the "config testing" code too, or what?
> > >
> > > No, that wouldn't be necessary. Each domain would have the privileges
> > > to map libphp4.so and use it.
> > So why would any PHP code be deemed to be safe to have terminal access,
> > but not certain bits of httpd code?
> It doesn't have anything to do with the safety of PHP. Rather, it has
> to do with the fact that SELinux does *not* distinguish between
> different shared libraries within a single process. Once a process
> running as httpd_t loads a shared library, that library is part of the
> process and any code in it runs as httpd_t.
I'm still trying to understand your suggestion to move the bits of code
which do "config testing" into a separate /usr/sbin/httpd-configtest
binary, and how that would avoid the issue. I bring up PHP as an
example of why this isn't really feasible: the code which involves
"config testing" is spread all through the modules, so isn't really
More information about the test