Re: /etc/rc.bsdextended: am I misunderstanding this..?

From: Jilles Tjoelker (jilles_at_stack.nl)
Date: 04/11/05

    Date: Mon, 11 Apr 2005 17:37:06 +0200
    To: Jan Grant <Jan.Grant@bristol.ac.uk>
    
    

    On Mon, Apr 11, 2005 at 02:45:31PM +0100, Jan Grant wrote:
    > Can someone clear something up for me?

    > [[[
    > # For apache to read user files, the ruleadd must give
    > # it permissions by default.
    > ####
    > ${CMD} add subject uid 80 object not uid 80 mode rxws;
    > ${CMD} add subject gid 80 object not gid 80 mode rxws;
    > ]]]

    > Doesn't the above mean that an apache user (eg, user-supplied CGI
    > process, PHP script, etc) has the ability to read (and write!) anything
    > in the filesystem?

    MAC restrictions apply in addition to normal restrictions, i.e. an
    access is allowed only if both the normal filesystem permissions and
    ugidfw permit it.

    -- 
    Jilles Tjoelker
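
Added example (not part of the original message, and not FreeBSD's code): a simplified Python model of the point made in the reply, that an access must pass both the ordinary permission bits and the ugidfw rules. The File and Rule types, the sample files and the NO_WRITE rule are constructed for illustration. Only the uid form of the quoted rule is modelled, and the matching semantics (no matching rule means no MAC restriction) are an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass
class File:              # constructed sample object: owner, group, mode bits
    uid: int
    gid: int
    mode: int

@dataclass
class Rule:              # models: subject uid S object not uid O mode M
    subj_uid: int
    obj_not_uid: int
    modes: str           # permitted subset of "arswx"

def dac_allows(uid, gids, f, want):
    """Classic owner/group/other check for 'r', 'w' or 'x' (root bypass omitted)."""
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == f.uid:
        shift = 6
    elif f.gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((f.mode >> shift) & bit)

def mac_allows(uid, f, want, rules):
    """Assumed semantics: a matching rule that lacks the mode denies; no match allows."""
    for r in rules:
        if uid == r.subj_uid and f.uid != r.obj_not_uid and want not in r.modes:
            return False
    return True

def access(uid, gids, f, want, rules):
    # The MAC policy can only remove access; it never overrides a DAC denial.
    return dac_allows(uid, gids, f, want) and mac_allows(uid, f, want, rules)

QUOTED = [Rule(80, 80, "rxws")]      # the uid rule quoted in the question
NO_WRITE = [Rule(80, 80, "rxs")]     # constructed stricter rule, for contrast
PRIVATE = File(1000, 1000, 0o600)    # constructed: user's private file
PUBLIC = File(1000, 1000, 0o644)     # constructed: world-readable file
SHARED = File(1000, 1000, 0o666)     # constructed: world-writable file

if __name__ == "__main__":
    for name, f in (("private", PRIVATE), ("public", PUBLIC), ("shared", SHARED)):
        for want in "rw":
            print(name, want, access(80, [80], f, want, QUOTED))
```

With the quoted rule, uid 80 still cannot read a mode 0600 file owned by another user, because the permission bits deny it before the rule matters.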