[drupal-devel] 4.5.2 Image module, PHP exec, SELinux problems
morbus at disobey.com
Mon Apr 18 19:50:01 UTC 2005
> Is anyone else running Drupal on Fedora FC3 or any other system
> implementing targeted policy for Security Enhanced Linux?
No, but I know what you're talking about.
> I'm having the following issue: image module execs the
> convert binary from the imagemagick package. Because this call
> passes command line arguments, PHP execs bash to process the command.
> The default SELinux policy does not allow httpd to execute bash, and
> Has anyone found a reasonable compromise for this situation?
I believe the policy allows httpd to execute Perl (for CGI scripts), so
you could make a Perl wrapper script to call 'convert', then modify your
policy to allow that script access to 'convert'. I think. I've had so much
(un-related Drupal problems) with SELinux that I ended up turning it off.
Morbus Iff ( you are nothing without your robot car, NOTHING! )
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
Spidering Hacks: http://amazon.com/exec/obidos/ASIN/0596005776/disobeycom
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
More information about the drupal-devel