/proc {getattr} failures
Valdis.Kletnieks at vt.edu
Tue May 24 17:06:29 UTC 2005
On Tue, 24 May 2005 10:47:12 EDT, Stephen Smalley said:
> On Sun, 2005-05-22 at 21:53 -0400, Valdis.Kletnieks at vt.edu wrote:
> > Am I the only one here who thinks that this is really something that can't
> > be supported in the context of the 'targeted' policy, and would be much
> > easier to do in 'strict'?
>
> It shouldn't be done at all, other than to dontaudit these attempts. No
> legitimate reason for a CGI script to be probing init's /proc/pid files.

I've always been leery of using dontaudit to shut things up - it means that there's
a possibility that we miss the early warning signs of an actual attack.

I wonder if the cgi script is just doing something like 'ps ax|grep mydaemon'
to see if a daemon is running...