[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: apache cron job



hi;

The data is checked before any processing takes place (src, length, a
parser goes over it,..). If it does not meet the criteria its thrown
away. I'll take a look at the 'separate domain' approach .. thx ... 

hb   
 
Am Montag, den 25.04.2005, 20:59 +1000 schrieb Russell Coker:
> On Monday 25 April 2005 18:24, Holger Burde <hburde t-online de> wrote:
> > I run a FC3 System with the rawhide strict Policy. I have a cron script
> > (apache) that needs to read/write files under /var/www/
> > { httpd_sys_content_t }. Any idea whats the best (= secure) way to do
> > so ? audit2allow suggests this : allow system_crond_t
> > httpd_sys_content_t:file write; - maybe there isa better solution?
> 
> Cron jobs that deal with data from the net are a risk, potentially if an 
> attacker controlled the remote data source they could make repeated attempts 
> at manipulating the data to exploit your machine without you realising.
> 
> Having a separate domain for the cron job may be best.  But this would require 
> writing more policy.
> 
-- 
Holger Burde <hburde t-online de>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]