-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2008-07-04 at 04:12 -0700, Martin Mielke wrote:

Hi list,

for some reason I still haven't found, my apache2::error_log file is being populated with: --- [Fri Jul 04 12:49:03 2008] [error] Failed to change_hat to 'HANDLING_UNTRUSTED_INPUT' ---

Browsing through the internet I found some posts from 20007 and 2006 pointing to AppArmor:

http://forge.novell.com/pipermail/apparmor-general/2007-January/000228.html

http://lists.suse.com/archive/suse-sles-e/2006-Jul/0175.html

so I deactivated that (a2dismod apparmor) Apache2 module and now the error message is gone.

First (obvious) questions: * is Apache2 now less secure? * is there any way to solve this issue?

For the sake of completion I have to say that I don't use AppArmor at all :-) -- which causes some debate, too: AppArmor yes, AppArmor no?

If you have a server, AA is a good thing to have. But it can also be a nuisance till adjusted. It ensures that if the daemon is compromised the attacker will not have access to files that were not allowed by design. In this case of apache I don't know if the procedure is correct, but typically you fire the yast/apparmour/update profile wizard and do the proper adjustments,, ie, giving access to the files or directories that are needed. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIbhcztTMYHG2NR9URAguPAJwKkoBNBf6Sw0+0Vs7xQ45Pe58UHACgk1tF Kl1zsZXl7CP2ypj9FgkLlBo= =Qy5+ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org