Bug 284561 - Security enhancements for memcached
Security enhancements for memcached
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: memcached (Show other bugs)
7
All Linux
medium Severity low
: ---
: ---
Assigned To: Paul Lindner
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-10 09:33 EDT by Konstantin Ryabitsev
Modified: 2008-01-02 20:48 EST (History)
2 users (show)

See Also:
Fixed In Version: 1.2.4-2.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-02 20:34:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Konstantin Ryabitsev 2007-09-10 09:33:51 EDT
I have enhanced the package to incorporate the following additional security
measures:

1. Do not run as user nobody (duplicate of #253882, but it was never actually
applied to devel, so I enhanced it slightly).
2. Provide selinux policies for memcached.

You can find all of the modified/new files here:

http://icon.fedorapeople.org/f/memcached/

I'd like to see this in the official package.
Comment 1 Matthias Saou 2007-09-12 07:40:15 EDT
Maybe silly questions, but :
- Why have the selinux stuff in a separate package?
- Why include the selinux stuff here instead of asking to have it included
  in the default system policy?

Just curious :-)
Comment 2 Paul Lindner 2007-12-22 08:14:32 EST
I just reviewed the SELinux build policy at 

http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules

and this looks to be the correct implementation.

I've applied this patch and it goes into memcached-1.2.4-2

regards
Comment 3 Fedora Update System 2007-12-28 12:19:56 EST
memcached-1.2.4-2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update memcached'
Comment 4 Fedora Update System 2008-01-02 20:34:17 EST
memcached-1.2.4-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2008-01-02 20:48:46 EST
memcached-1.2.4-2.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update memcached'

Note You need to log in before you can comment on or make changes to this bug.