httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [RFC] A new hook: invoke_handler and web-application security
Date Wed, 08 Apr 2009 06:44:51 GMT

On 8 Apr 2009, at 03:27, Graham Dumpleton wrote:

[following up to Graham because two posts by him are all I have
in this thread]

> 2009/4/8 KaiGai Kohei <kaigai@ak.jp.nec.com>:
>> Graham Dumpleton wrote:
>>> Explain first why using FASTCGI and suexec wouldn't be a better  
>>> option?
>>
>> Thease are limited to cgi applications, so we cannot apply such kind
>> of restriction on the built-in script languages and references on
>> static documents (like *.html).

So why would a selinux context want to limit itself to the handler  
phase?
Why not set the security  context first thing in the request  
processing cycle,
as with mod_privileges?

-- 
Nick Kew


Mime
View raw message