*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: selinux-policy-refpolicy

I've been teaching selinux under RHEL for several months and just got it set up under Ubuntu, here is an observation:

[EMAIL PROTECTED]:/var/www# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        refpolicy

<in case you don't believe me, here's some more output...>

[EMAIL PROTECTED]:/var/www# getenforce
Enforcing

[EMAIL PROTECTED]:/var/www# getsebool -a
allow_execheap --> on
allow_execmem --> on
allow_execmod --> on
allow_execstack --> on
allow_mount_anyfile --> on
allow_polyinstantiation --> off
allow_ptrace --> off
allow_ssh_keysign --> off
allow_user_mysql_connect --> off
allow_user_postgresql_connect --> off
allow_write_xshm --> off
allow_ypbind --> off
global_ssp --> off
mail_read_content --> off
nfs_export_all_ro --> off
nfs_export_all_rw --> off
read_default_t --> on
read_untrusted_content --> off
secure_mode --> off
secure_mode_insmod --> off
secure_mode_policyload --> off
ssh_sysadm_login --> off
use_lpd_server --> off
use_nfs_home_dirs --> off
use_samba_home_dirs --> off
user_direct_mouse --> off
user_dmesg --> off
user_rw_noexattrfile --> off
user_tcp_server --> off
user_ttyfile_stat --> off
write_untrusted_content --> off
xdm_sysadm_login --> off

As far as I can tell, apache isn't protected.

Here's why this is a problem:

[EMAIL PROTECTED]:/var/www# ls -Z shadow
system_u:object_r:shadow_t shadow

[EMAIL PROTECTED]:/var/www# links -dump http://localhost/shadow
root:thislinehasbeenchangedforsecurity!:13919:0:99999:7:::
daemon:*:13801:0:99999:7:::
bin:*:13801:0:99999:7:::
sys:*:13801:0:99999:7:::
sync:*:13801:0:99999:7:::
games:*:13801:0:99999:7:::
man:*:13801:0:99999:7:::
lp:*:13801:0:99999:7:::
mail:*:13801:0:99999:7:::
news:*:13801:0:99999:7:::
uucp:*:13801:0:99999:7:::
<***snip***>

(yes, this would be the same output that you'd get through a web browser, local or remote)

More info:

[EMAIL PROTECTED]:/var/www# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"

[EMAIL PROTECTED]:~# apt-cache policy selinux-policy-refpolicy
selinux-policy-refpolicy:
  Installed: 0.0.20071214-0ubuntu2
  Candidate: 0.0.20071214-0ubuntu2
  Version table:
 *** 0.0.20071214-0ubuntu2 0
        500 http://archive.ubuntu.com hardy/universe Packages
        100 /var/lib/dpkg/status

** Affects: refpolicy (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
selinux policy allows apache access to type shadow_t
https://bugs.launchpad.net/bugs/203436
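
An added triage example, not part of the original bug report: when a daemon can read a file typed shadow_t under an enforcing policy, a first check is which domain the daemon's processes actually run in. The function names are hypothetical, the `ps -eZ` sample is constructed, and httpd_t as the expected Apache domain is an assumption about the loaded policy.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical and
# the sample `ps -eZ` lines are constructed, not captured from the reporter's host.

# Print the type field (third colon-separated part) of an SELinux context.
# Handles contexts with or without a trailing MLS range.
context_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Read `ps -eZ` style lines (LABEL PID TTY TIME CMD) on stdin and print
# "PID DOMAIN" for each process named $1 whose domain is not $2.
unconfined_procs() {
    awk -v cmd="$1" -v want="$2" '
        $NF == cmd {
            split($1, ctx, ":")
            if (ctx[3] != want) print $2, ctx[3]
        }'
}

# Constructed sample: one apache2 worker outside httpd_t, one inside it.
SAMPLE_PS='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
system_u:system_r:initrc_t       4211 ?        00:00:00 apache2
system_u:system_r:httpd_t        4215 ?        00:00:00 apache2'

# Demo on the constructed sample. On a live host, feed real output instead:
#   ps -eZ | unconfined_procs apache2 httpd_t
# and, if the daemon is in httpd_t, ask the loaded policy directly:
#   sesearch --allow -s httpd_t -t shadow_t -c file -p read
printf '%s\n' "$SAMPLE_PS" | unconfined_procs apache2 httpd_t
echo "type of served file: $(context_type system_u:object_r:shadow_t)"
```

Any line printed by `unconfined_procs` means the policy rules written for httpd_t are not the ones governing that process, so the domain transition for the daemon is the first thing to examine.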