Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^5: LWP running as cgi

by betterworld (Deacon)
on Sep 22, 2008 at 23:10 UTC ( #713118=note: print w/ replies, xml ) Need Help??


in reply to Re^4: LWP running as cgi
in thread LWP running as cgi

SELinux is blocking httpd processes from connecting to the net (probably to stop hackers from attacking other machines from httpd)

There is another reason to keep the webserver from accessing the internet. Sometimes web applications have security holes that allow an attacker to execute a program that is available on the net, like with PHP's remote include "feature". Or the attacker's payload (like a spambot or rootkit) might be too big for a vulnerable web form.

While it should be preferable to avoid having security holes in web applications; I think it is prudent to make it hard to exploit a vulnerability to take over a system. Therefore I suggest that you think carefully before disabling these security measures.


Comment on Re^5: LWP running as cgi
Re^6: LWP running as cgi
by elwoodblues (Novice) on Sep 23, 2008 at 02:36 UTC
    Yes, you are correct. Like I said above, the best way is to generate a local exclusion policy to lock it to only allow access to what you explicitly need.
    I was mainly interested in finding out what caused this behaviour. I don't run SELinux, and after reading the doco, doubt I ever will until they make it easier to configure. Yes, it is very secure, but is the added complexity required for most installs? Really depends upon your application, but for my laptop running a development web server...naw.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://713118]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (6)
As of 2014-12-20 22:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (99 votes), past polls