[Pkg-mediawiki-devel] Bug#747463: index.php is not executable, breaking CGI

Joe Rayhawk jrayhawk at omgwallhack.org
Fri May 9 08:47:02 UTC 2014


On Fri, May 09, 2014 at 09:34:47AM +0200, Thorsten Glaser wrote:
> On Thu, 8 May 2014, Joe Rayhawk wrote:
> 
> > CGI-based execution of mediawiki is made possible with chmod a+x
> > /usr/share/mediawiki/index.php. It would be nice if this were made
> > default so our mediawiki installations wouldn't break with every
> > upgrade.
> 
> No:
> 
> ① the file has no shebang

That's what binfmt-misc exists for.

>http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
> 
>   I have no trust in the PHP people to keep CGI secure.

I have no trust in PHP period, that's why I run it under a separate
privilege level, which is why I need an external execution interface,
which is why I am filing this bug. php5-cgi is a thing that is packaged
for a reason; is there an actual downside to giving this executable code
an execution bit?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20140509/38bfdd42/attachment-0002.sig>


More information about the Pkg-mediawiki-devel mailing list