List Archive: gentoo-hardened
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
I did reply to your question a few hours back :/
Jon Howard wrote:
> I have a Gentoo SE system up and running as per the handbook(X86),
> but I cannot get apache to execute cgi's in enforcing mode(the test ones
> that come with apache). The scripts do work in permissive. Before I
> got started in examing the apache.te file, I was wondering if I might
> have an apache configuration issue. I guess the first question that I
> have is whether perl or php scripts run in enforcing mode in the
> hardened gentoo environment "out of the box?" I installed the perl and
> php mods for apache, and changed the startup to include the -D option
> for these, but in studying the SE model, I was afraid that some other
> method for executing scripts might be in play. I removed the mods from
> the -D statup option, but I am still getting the same results. So, will
> it or won't it is my question.
won't is the short answer. the long answer has been in your inbox when you wrote to the list.
the short conclusion is that some cgi scripts need a kitchen sink to be allowed. it's up to the user to allow it or not.
> Jon Howard
Hardened Gentoo Linux