[Apparmor-general] x access for all files served by apache?!
Christian Boltz
apparmor at cboltz.de
Sun Jan 13 09:34:18 MST 2008
Hello,
I found some interesting things in my audit.log - it seems apache uses x
permissions for any file it serves if the file has execute permissions.
Example (anonymized):
type=APPARMOR msg=audit(1200045134.462:703287): PERMITTING x access
to /home/www/.../httpdocs/typo3/typo3conf/ext/.../gsttopcontent_defaultlink_icon.gif
(httpd2-prefork(32563) profile /usr/sbin/httpd2-prefork active
vhost_...)
ls -l output:
-rwxrwxr-x ... gsttopcontent_defaultlink_icon.gif
Well, x permissions for a gif image are crazy, but there are people out
there that have even better ideas than murphy: customers ;-)
Files without x permissions do not cause the mentioned log message.
Is it expected behaviour that apache executes image files with x
permissions? (And: Is the apparmor mailinglist the correct place for
this? Or should I file a bugreport against apache?)
Regards,
Christian Boltz
--
> DealOnDemand
Linux und Drogen, ich hab es schon immer gewusst ;-)))))
[> Manfred Tremmel und Philipp Thomas in suse-linux]
More information about the Apparmor-general
mailing list