Re: /etc/rc.bsdextended: am I misunderstanding this..?

看板FB_security作者時間21年前 (2005/04/11 23:38), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/2 (看更多)
On Mon, Apr 11, 2005 at 02:45:31PM +0100, Jan Grant wrote: > Can someone clear something up for me? > [[[ > # For apache to read user files, the ruleadd must give > # it permissions by default. > #### > ${CMD} add subject uid 80 object not uid 80 mode rxws; > ${CMD} add subject gid 80 object not gid 80 mode rxws; > ]]] > Doesn't the above mean that an apache user (eg, user-supplied CGI > process, PHP script, etc) has the ability to read (and write!) anything > in the filesystem? MAC restrictions apply in addition to normal restrictions, i.e. an access is allowed only if both the normal filesystem permissions and ugidfw permit it. -- Jilles Tjoelker _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 jilles. 的文章
文章代碼(AID): #12Mfe100 (FB_security)
更多 jilles. 的文章
文章代碼(AID): #12Mfe100 (FB_security)