On Fri, May 09, 2014 at 09:34:47AM +0200, Thorsten Glaser wrote: > On Thu, 8 May 2014, Joe Rayhawk wrote: > > > CGI-based execution of mediawiki is made possible with chmod a+x > > /usr/share/mediawiki/index.php. It would be nice if this were made > > default so our mediawiki installations wouldn't break with every > > upgrade. > > No: > > ① the file has no shebang
That's what binfmt-misc exists for. > ② http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ > > I have no trust in the PHP people to keep CGI secure. I have no trust in PHP period, that's why I run it under a separate privilege level, which is why I need an external execution interface, which is why I am filing this bug. php5-cgi is a thing that is packaged for a reason; is there an actual downside to giving this executable code an execution bit?
signature.asc
Description: Digital signature
