36413 – grsecurity policy for apache is wrong

Bug 36413 - grsecurity policy for apache is wrong

Summary: grsecurity policy for apache is wrong

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2003-12-24 01:27 UTC by Jeroen Elebaut
Modified:	2011-10-30 22:40 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeroen Elebaut 2003-12-24 01:27:55 UTC

there is an error in the default-gentoo-policy for grsecurity for apache.
On the first line it should be /usr/sbin/apache2.And also the following lines should be like this: 
"/usr/sbin/apache x" should be "/usr/sbin/apache2 x"
"/var/log/apache2 a" should be "/var/log/apache2 a"
"/var/run/apache.pid w" should be "/var/run/apache2.pid w"

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 solar (RETIRED) gentoo-dev

2003-12-24 01:53:25 UTC

That policy does not support apache2 plain and simple it supports apache1. apache2's mod_php is known to have problems functioning with PAX..
So... apache2 should not be used when security matters.