[php-maint] Bug#687418: Updating php5 to 5.4.4-5 broke FastCGI setup on my machine

Christoph Anton Mitterer calestyo at scientia.net
Mon Sep 17 21:30:46 UTC 2012 

On Mon, 2012-09-17 at 22:50 +0200, Matthias Urlichs wrote:
> > AFAIU, it doesn't really enable anything... it just sets a different
> > handler, which may take away handling from what you've set up.
> Your understanding is incomplete.
> The postinst script specifically calls a2enable.
It does,... but there is no LoadModule directive in the respective
config files; just the config snippets for the handler assignments and
some comments, as I've said before.
(We're still talking about php5-cgi's php5-cgi.conf/.load files, are
we?)


> > As said above, we don't do this anyway.... there is not even a php5_cgi
> > _module_... this is just a trick ;)
> I know. But the trick backfired.
Yeah,... well... to be honest I don't think there's an automatic "fix"
to get everything working as it was.
We should add another bunch of notes to the release files, that the
SetHandler definitions from php5-cgi's config snippets may override
other Handler definitions.

But as I said, Apache configs may be just way to complex to handle this
all out of the box; at least I don't see a way currently.

Perhaps one should also add note, that these "fake" module config files
are added and that admins are expected to have a look at it.


At least I don't see a way to take these "fake" module config files as
this would not only break sites, but also cause security issues (php
files being exposed).


Questions for those who are affected by this bug:
1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right?
2) Then what happens is, the Handler from php5_cgi.conf overrides the
way (whatever you did) to get .php files interpreted, right?
3) Obviously, .php files are then neither interpreted by "normal" CGI,
as Action directives are missing (and perhaps ScriptAlias and other
things), right?

So we definitely get broken services (which by itself may cause security
issues - but no one could really ever cannot cover these kinds of
issues).
Big problem though is, are the files then served as normal files by
Apache?


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5450 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120917/fbe096d6/attachment-0005.bin>

More information about the pkg-php-maint mailing list