SELinux should be off by default in FC3

Colin Walters walters at redhat.com
Thu Oct 7 15:52:09 UTC 2004


On Thu, 2004-10-07 at 10:30 -0500, Chris Adams wrote:

> We sell web hosting, and believe me, customers will upload their files
> to just about anywhere on the server they have write access (and they'll
> try other places without knowing why).  Shared web hosting is a perfect
> environment for SELinux, but this would be a killer.  Explaining that
> their CGIs have to have execute permission is hard enough.

I think that explaining what your users need to do for SELinux in this
case is quite similar to explaining execute permissions.  

CGI scripts for example in the default Apache policy need to be
httpd_user_script_exec_t.  CGI script data needs to be
httpd_user_script_ro_t or httpd_user_script_rw_t.  There's no way for
SELinux to automatically guess what data you want writable by the CGI
and what you don't.

You simply need to have users be aware of chcon -t if you want the
additional security.  Although:

> Also, as someone else mentioned, people do intentionally upload things
> in one place (out of the web directory) and then move them into place
> after the upload is complete.  This is especially common when uploading
> a whole new version of a site.

There could be higher level tools built here that would automatically
set corresponding types when a new site is uploaded.  You'd have your
users upload their website into a "staging" area, and then a cron job
would move it into place atomically and relabel it as necessary.

I think it'd also be very useful to have tools that parsed the SELinux
audit logs and warned an administrator if a user's web site seemed not
to be set up correctly; you could even have it automatically relabel
there too, but there are tradeoffs.
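
The audit-log warning tool suggested in the last paragraph, sketched as an added example (not part of the original message and not an existing Fedora tool): it reads AVC denial lines, keeps those where an `httpd_*` domain was denied access to content not labelled with one of the three types named above, and reports a candidate type for the administrator to review. The sample log lines, the permission-to-type heuristic, the `httpd_` prefix match and all function names are assumptions.

```python
import re
from collections import defaultdict

# Types the message names for user CGI scripts and their data.
EXPECTED = {"httpd_user_script_" + s for s in ("exec_t", "ro_t", "rw_t")}
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample denials (not from a real system).
SAMPLE = """\
audit(1097164329.100:0): avc:  denied  { execute } for  pid=2101 exe=/usr/sbin/httpd name=form.cgi dev=hda2 ino=4101 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1097164329.300:0): avc:  denied  { read } for  pid=2101 exe=/usr/sbin/httpd name=form.cgi dev=hda2 ino=4101 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1097164330.200:0): avc:  denied  { write } for  pid=2102 exe=/usr/bin/perl name=guestbook.db dev=hda2 ino=4102 scontext=root:system_r:httpd_user_script_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1097164331.000:0): avc:  denied  { read } for  pid=2200 exe=/usr/sbin/sshd name=notes.txt dev=hda2 ino=4200 scontext=root:system_r:sshd_t tcontext=user_u:object_r:user_home_t tclass=file
""".splitlines()

def selinux_type(context):
    parts = context.split(":")  # user:role:type[:level]
    return parts[2] if len(parts) >= 3 else ""

def parse_avc(line):
    """Parse one AVC denial into a dict of fields, or None."""
    m = AVC_RE.search(line)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m[2] if m else "")}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    fields["perms"] = set(m.group(1).split())
    return fields

def suggest_type(perms):
    """Assumed heuristic: denied permissions -> candidate type to review."""
    if perms & {"execute", "execute_no_trans"}:
        return "httpd_user_script_exec_t"
    if perms & {"write", "append", "create", "unlink"}:
        return "httpd_user_script_rw_t"
    return "httpd_user_script_ro_t"

def mislabel_warnings(lines):
    """Group denials where an httpd_* domain hit content outside EXPECTED."""
    found = defaultdict(set)
    for avc in filter(None, map(parse_avc, lines)):
        src, tgt = selinux_type(avc["scontext"]), selinux_type(avc["tcontext"])
        if (avc["tclass"] in ("file", "dir") and src.startswith("httpd_")
                and tgt not in EXPECTED):
            found[(avc.get("name", "?"), tgt)] |= avc["perms"]
    return [(name, tgt, sorted(p), suggest_type(p))
            for (name, tgt), p in sorted(found.items())]

if __name__ == "__main__":
    for warning in mislabel_warnings(SAMPLE):
        print(warning)
```

The script only reports. A write denial can come from a misbehaving CGI as easily as from a mislabelled data file, so the suggested `httpd_user_script_rw_t` is something for the administrator to confirm before any `chcon -t` is run.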
More information about the fedora-devel-list mailing list