[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: DAV



On Thu, Oct 07, 2004 at 05:41:38PM +0100, Joe Orton wrote:
> > Your apache needs to have setfsuid rights, that is all
> 
> Are you talking about capabilities or SELinux policy there?  Does the
> capability bit not then allow children to setfsuid(0) and write files as
> root?

You have control over how its inherited depending on whether you admit to
being capability aware or not. In the sane case you'd turn it off when 
execing just as you make sure files all get closed.

Alan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]