Hi,

I'm just fine-tuning a machine running Hardened Gentoo Linux. I started
from stage1 and built the whole system with USE hardened. I have ~x86
also. I set up tikiwiki CMS from portage (v1.8.2 Sirius). Other remarkable
versions: Apache:2.0.50, mod_ssl:2.0.50, OpenSSL:0.9.7d, PHP:4.3.8.

I'm about to work out an ACL system based on Grsecurity, being in the
evaluation period for the required ACLs. I noticed a strange symptom, that
apache2 keeps creating some kind of temporary files in the root directory
(I mean real root, not the www root) with scrambled names, which it
immediately erases. It also uses /tmp with similar scrambled names.

Other php based web programs (squirrelmail, phpscheduleit) do not show
this phenomenon.

As it was highlighted, I had to notice that apache tries to write in /.
Although I specified to run as apache:apache in commonapache2.conf, after
executing /etc/init.d/apache2 start, one instance of the httpd remains
root, the others continue to run as apache. Is it the normal behaviour?

Php session files are stored in a separate folder for security reasons,
php-accelerator uses exclusively /tmp directory.
What can be the reason? Has anyone experienced the same?
I haven't found any configuration options in possible conjunction with this
issue.
I suspect multiple problems here. Firstly: why does apache run under root, if I
set it to apache:apache, secondly: why does it try to create directories in
/?

In addition - to make this issue more complicated - the learned acl rules
show that apache2 tries to create these damned files only as apache, not
as root (it is listed only in the apache role not in the root role).
Please share your ideas and suggestions.

Thx,
Dw.

--
dr Tóth Attila, Radiológus Rezidens, 06-30-5962-962
Attila Toth MD, Radiology Resident, +36-30-5962-962

--
gentoo-hardened@g.o mailing list