Ted Byers wrote:
What I don't know is whether a malicious user can bypass that to hack directly into the sever itself. The admin I spoke to yesterday indicated that one of the worst offenders for opening vulnerabilitys is eval as implemented in PHP. But, not really being a PHP programmer, I do not know if that is due to sloppy PHP programming, poor design of the web application, of a defect in the PHP interpreter that in the wrong hands, gives the wrong hands access to the server's OS itself.
All of those.
To be more to the point. Apparmor and selinux do provide additional security, but for for the faint-harted.
So, then,is the admin I spoke to right in saying that apparmor causes more trouble than it solves,
I would disagree with that.
or rather that it requires such expertise to configure correctly that it is easy to make a mistake setting it up that in turn breaks a lot of things?
I would disagree with that too. apparmor is easily configured, and easily altered when you come across issues. -- Per Jessen, Zürich (12.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org