[Pkg-php-commits] [php/debian-experimental] Disable mod_php in user directories (Closes: #555606) (cherry picked from commit 2e9da03ee64dbecb6d2077723455b2407ca71407)
Raphael Geissert
geissert at debian.org
Tue Jan 12 07:55:10 UTC 2010
---
debian/NEWS | 12 ++++++++++++
debian/libapache2-mod-php5.conf | 5 +++++
2 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/debian/NEWS b/debian/NEWS
index 0f31b00..7386db1 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,15 @@
+php5 (5.2.12.dfsg.1-3) unstable; urgency=low
+
+ * mod_php disabled in userdirs.
+
+ The default Debian libapache2-mod-php5 package now disables the PHP
+ engine on ~public_html directories when mod_userdir is enabled, for
+ security reasons. Although discouraged, it can be re-enabled by
+ commenting the <IfModule mod_userdir.c> block in
+ /etc/apache2/mods-available/php5.conf
+
+ -- Raphael Geissert <geissert at debian.org> Mon, 11 Jan 2010 16:49:28 -0600
+
php5 (5.2.6-1) unstable; urgency=medium
* Now uses system timezone database.
diff --git a/debian/libapache2-mod-php5.conf b/debian/libapache2-mod-php5.conf
index b114a48..770f558 100644
--- a/debian/libapache2-mod-php5.conf
+++ b/debian/libapache2-mod-php5.conf
@@ -5,4 +5,9 @@
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
+ <IfModule mod_userdir.c>
+ <Directory /home/*/public_html>
+ php_admin_value engine Off
+ </Directory>
+ </IfModule>
</IfModule>
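Review bot: The added `<Directory /home/*/public_html>` block only matches the default layout, so a site whose `UserDir` directive names a different directory, or whose home directories live outside `/home`, keeps the PHP engine enabled in user directories. A comment above the block would make this visible, e.g. `# Adjust this path if UserDir or the home directory root differs from the default`. With the engine off, mod_php most likely declines the request and Apache serves existing `.php` files under these directories as static content, which can expose source code and embedded credentials; the debian/NEWS entry should say so, so admins can check user directories before upgrading. `php_admin_flag engine Off` is the conventional directive for a boolean setting. The enclosing `<IfModule>` opens outside this hunk, so the nesting cannot be confirmed from here.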
--
1.6.3.3