[php-maint] Bug#703740: Bug#703740: php5: disabled modules are automatically readded to /etc/php5/conf.d on package upgrade
Ondřej Surý
ondrej at debian.org
Sat Mar 23 09:47:57 UTC 2013
tag 703740 -security
severity 703740 wishlist
php5{en,dis}mod are tools for modules to handle the install/remove/purge.
If you want the module disabled either uninstall it, or comment it in the
conf file.
O.
On Sat, Mar 23, 2013 at 1:05 AM, Christoph Anton Mitterer <
calestyo at scientia.net> wrote:
> Source: php5
> Version: 5.4.4-15
> Severity: important
> Tags: security
>
>
> Hi.
>
> I just noted by chance on an upgrade, that the following files were
> automatically added back
> Only in /etc/php5/cgi/conf.d: 20-pdo_pgsql.ini
> Only in /etc/php5/cgi/conf.d: 20-pgsql.ini
> Only in /etc/php5/conf.d: 20-pdo_pgsql.ini
> Only in /etc/php5/conf.d: 20-pgsql.ini
> which I've had disabled before.
>
> IMHO that shouldn't happen... actually I think, that it would even be
> better, if _no_
> modules are automatically loaded... auto-magic stuff is nice for
> out-of-the-box games,
> but not for serious and secure administration :) ... perhaps a release
> goal for jessie?! ;)
>
>
> I mark this as important/security, as unintentionally enabling a module in
> the "global" /etc/php5/conf.d
> could be an issue if that is e.g. security critical and was intentionally
> only enabled in e.g.
> SSL client auth secured URI spaces.
>
>
> Thanks,
> Chris.
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
>
--
Ondřej Surý <ondrej at sury.org>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20130323/2f01b95a/attachment.html>
More information about the pkg-php-maint
mailing list