[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: apache cron job



On Monday 25 April 2005 18:24, Holger Burde <hburde t-online de> wrote:
> I run a FC3 System with the rawhide strict Policy. I have a cron script
> (apache) that needs to read/write files under /var/www/
> { httpd_sys_content_t }. Any idea whats the best (= secure) way to do
> so ? audit2allow suggests this : allow system_crond_t
> httpd_sys_content_t:file write; - maybe there isa better solution?

Cron jobs that deal with data from the net are a risk, potentially if an 
attacker controlled the remote data source they could make repeated attempts 
at manipulating the data to exploit your machine without you realising.

Having a separate domain for the cron job may be best.  But this would require 
writing more policy.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]