Public bug reported: The recent security update to php5 broke common configurations for php5-fpm.
>From IRC: <asomething> mdeslaur, did you see jdub's comment in LP: #1307027? <ubottu> Launchpad bug 1307027 in php5 (Ubuntu) "php5-fpm: Possible privilege escalation due to insecure default permissions of sockets" [Undecided,Fix released] https://launchpad.net/bugs/1307027 <asomething> I'm seeing the same thing. I seeing the same thing. Even on a fresh install I need to go edit /etc/php5/fpm/pool.d/www.conf to get php5-fpm working <mdeslaur> asomething: yes, you need to either relax permissions, or configure it with the account whatever you're accessing it is using * roadmr has quit (Quit: Good night) <mdeslaur> asomething: whatever procedure you followed to configure integration between your web server and php-fpm needs to be modified <asomething> hmm... ok. are you saying there is no secure default that will work out of the box? I can handle that, but it seems to break most documentation on the web <mdeslaur> we could make it default to www-data perhaps...not sure that would cover all the use cases <asomething> that seems to be the most common, but maybe I'm just not aware of other uses <mdeslaur> if someone can file a bug, and attach a debdiff, I'll sponsor it for an SRU assuming the SRU team considers it an appropriate change <mdeslaur> asomething: actually, just file a bug, and I'll push it out as a regression fix <asomething> ok, will do <mdeslaur> asomething: thanks <infinity> mdeslaur: Yeah, that's a perfectly reasonable fix. All webservers in Debian/Ubuntu are meant to run as www-data, so that would cover the common case. <infinity> mdeslaur: People with weird setups are on their own, but they already knew that. <mdeslaur> infinity: ok, will do, thanks ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: php5-fpm 5.5.9+dfsg-1ubuntu4.1 ProcVersionSignature: Ubuntu 3.13.0-29.53-generic 3.13.11.2 Uname: Linux 3.13.0-29-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.14.1-0ubuntu3.2 Architecture: amd64 CurrentDesktop: Unity Date: Wed Jun 25 11:34:20 2014 InstallationDate: Installed on 2014-04-08 (78 days ago) InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140408) SourcePackage: php5 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: php5 (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: php5 (Ubuntu Saucy) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: php5 (Ubuntu Trusty) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: php5 (Ubuntu Utopic) Importance: Undecided Status: Fix Released ** Tags: amd64 apport-bug trusty -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1334337 Title: Regression: php5-fpm's socket should be accessible by www-data by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1334337/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
