Re: Squirrelmail forward plugin: msg#00201
Subject: Re: Squirrelmail forward plugin
Nicklas Norling wrote:
Hi,
I've compiled a local policy for the squirrel plugin mail_fwd found at
http://www.squirrelmail.org/plugin_view.php?id=16.
The minimum required for creating and removing a user's .forward file is:
allow httpd_sys_script_t self:capability { setgid setuid };
allow httpd_sys_script_t user_home_dir_t:dir { write add_name remove_name };
allow httpd_sys_script_t user_home_dir_t:file { write create getattr unlink };
Seems like we need policy for the plugin, i.e. a domain has to be
written for it. Maybe a squirrel_helper_exec_t, squirrel_helper_t.
Are these appropriate for inclusion in the next targeted policy or should I
send this info for inclusion in the plugin's docs? Seems like an awful lot of
rights to hand out?
The plugin has 18000 downloads according to their webpage.
/Nicke
Nicklas Norling wrote:
Hi.
Just noted a user tried to add .forward by using the forwarding
module in squirrelmail.
Jul 20 00:56:52 spock kernel: audit(1121813812.917:1844): avc:
denied { setgid } for pid=24466 comm="wfwd" capability=6
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
httpd log:
/usr/local/sbin/wfwd: Operation not permitted
[root@spock html]# audit2allow -d -l
allow httpd_sys_script_t self:capability setgid;
The tool used is wfwd.
<snip>
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list