Inside SELinux on Fedora Core 3

Posted Oct 8, 2004 14:12 UTC (Fri) by erich (subscriber, #7127)
Parent article: Inside SELinux on Fedora Core 3

One of the big problems of SELinux (and any other process-based access control system, including unix access rights) and Java (and any other VM system, designed to run applications inside a big process, including libapache-mod-perl and PHP) is that it cannot tell the difference between the different users owning the applications or the applications themselves.
For SELinux (or Unix...) the applications are still the calling Apache (or Tomcat, whatever), running in the apache domain, using the Apache user ID (www-data etc. usually).
This is a big problem with Java, PHP & Co. If you want to build a secure system you'll want to run every application in a separate domain. Big VMs make this way too slow.
Unless someone comes up with a way of having Java or PHP be a service with cheap (= little memory, little startup) slave daemons that run in separate security contexts, I will avoid using these.
In fact, shared libraries solve this mostly for C applications.
Of course for important apps you can run your own Java VM or PHP daemon using FastCGI to get the security back.
Or you can try to compile Java apps using gcj.


Inside SELinux on Fedora Core 3

Posted Oct 10, 2004 12:10 UTC (Sun) by steffen (subscriber, #23586)

Would not Apache + PHP using FastCGI be the solution to the problem you mention?

Inside SELinux on Fedora Core 3

Posted Oct 10, 2004 13:42 UTC (Sun) by erich (subscriber, #7127)

Yes, but you would need to run a separate PHP interpreter for *each* independent service with different access rights.
I.e. for each user using PHP.
Same for Java. And each needs its own not-too-tiny share of memory, etc.

Also the FastCGI Apache modules are not considered DFSG-free.

I already mentioned FastCGI in my posting, btw.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds