[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: apache configtest



On Thu, 2004-10-21 at 15:22 +0900, Makoto Otsu wrote:
> Apache configtest not work
> 
> The following commands  display nothing.
> 
> # service httpd configtest
> 
> or
> 
> # httpd -t

Right - this is a consequence of the SELinux policy for Apache.  We do
not want the httpd process to have access to your terminal.  If it did,
a compromised or buggy httpd process could do very bad things.

The fix is to break the config-testing bit into its own binary.  We
could have a wrapper around /usr/sbin/httpd which would parse arguments,
and exec /usr/sbin/httpd-configtest if the -t option is passed,
otherwise we exec /usr/sbin/httpd.real.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]