[drupal-devel] 4.5.2 Image module, PHP exec, SELinux problems

Morbus Iff morbus at disobey.com
Mon Apr 18 19:50:01 UTC 2005

> Is anyone else running Drupal on Fedora FC3 or any other system
> implementing targeted policy for Security Enhanced Linux?

No, but I know what you're talking about.

> I'm having the following issue: image module execs the
> convert binary from the imagemagick package. Because this call
> passes command line arguments, PHP execs bash to process the command.
> The default SELinux policy does not allow httpd to execute bash, and
> Has anyone found a reasonable compromise for this situation?

I believe the policy allows httpd to execute Perl (for CGI scripts), so 
you could make a Perl wrapper script to call 'convert', then modify your 
policy to allow that script access to 'convert'. I think. I've had so much 
(un-related Drupal problems) with SELinux that I ended up turning it off.

Morbus Iff ( you are nothing without your robot car, NOTHING! )
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
Spidering Hacks: http://amazon.com/exec/obidos/ASIN/0596005776/disobeycom
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus

More information about the drupal-devel mailing list