[rsbac] Apache over SSL - MAP_EXEC
Michal Purzynski
albeiro at polsl.gliwice.pl
Thu May 12 10:47:20 CEST 2005
On 11 maj, 2005, at 21:12, Ales Svoboda wrote:
> Hi,
>
> I have here a strange problem with Apache. I am using RSBAC module FF
> and all files that are accessed over web are marked as no_execute and
> no_mount (544)
>
> When I try to access these files over http it is working perfectly,
> but when I run over https I get this message:
>
> rsbac_adf_request(): request MAP_EXEC, pid 6422, ppid 6418, prog_name
> httpd, uid 1016, audit_uid 1016, target_type FILE, tid Device 03:01
> Inode 182294 Path /home/test/www/_ISP/index.html, attr prot_bits,
> value 5, result NOT_GRANTED (Softmode) by FF
>
> Here is my httpd.conf
> NameVirtualHost *:80
>
> <VirtualHost *:80>
> ServerName www.testik.cz
> DocumentRoot /home/test/www
> </VirtualHost>
> <IfDefine SSL>
> <VirtualHost *:443>
> ServerName www.testik.cz
> DocumentRoot /home/test/www
> SSLEngine On
> SSLCertificateFile /home/test/ssl/server.crt
> SSLCertificateKeyFile /home/test/ssl/server.key
> </VirtualHost>
> </IfDefine>
>
> As you can see - it is accessing the same file and the difference is
> really in SSL, because if I remove SSLEngine On then it runs OK.
>
> Anyone has any idea? Thanks in advance.
>
>
Apache is mmaping files it's serving instead of reading it in normal
way. This request indicates it does it with MAP_EXEC flag what's at
least strange. Nothing new thought, same problem with other security
systems. It's entirely apache fault.
Albeiro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 824 bytes
Desc: This is a digitally signed message part
Url : http://rsbac.dyndns.org/pipermail/rsbac/attachments/20050512/98e365da/PGP.bin
More information about the rsbac
mailing list