Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

To: debian-apache@lists.debian.org, 674089@bugs.debian.org, pkg-php-maint@lists.alioth.debian.org
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Charles Plessy <plessy@debian.org>
Subject: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
From: Stefan Fritsch <sf@debian.org>
Date: Wed, 15 Aug 2012 21:07:01 +0200
Message-id: <[🔎] 201208152107.01967.sf@debian.org>
In-reply-to: <[🔎] CALjhHG9G3Ub5E9fWgozAkGJ1APb_syY9EJ3cR5EvoMhfxLwimw@mail.gmail.com>
References: <201206011616.15374.sf@debian.org> <[🔎] 1344998074.3368.26.camel@fermat.scientia.net> <[🔎] CALjhHG9G3Ub5E9fWgozAkGJ1APb_syY9EJ3cR5EvoMhfxLwimw@mail.gmail.com>

Thanks for coming up with some wording.

On Wednesday 15 August 2012, Ondřej Surý wrote:
>  In order to avoid any problems when not using Apache PHP5 module,
> and if you relied on MIME type definitions, read the README.Debian
> from the php5-common package on how to correctly configure PHP 5
> running as a CGI or FastCGI (examples are provided for the Apache
> HTTPD Server) and take care, that and PHP files intended to be
> interpreted are recognised as such (typically by adding MIME-Type
> or handler definitions in the webserver configuration).

Since we have gone to great pains to not use the magic MIME types 
anymore, I think we should not recommend them here. Or at least not as 
the first option.

Also, there is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670945 
to take into account. Is the wording still ok if the solution I 
suggested is implemented?

Reply to:

Follow-Ups:
- Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Re: Bug#674089: [php-maint] Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
  - From: Ondřej Surý <ondrej@debian.org>

Prev by Date: apr-util_1.4.1-3_i386.changes ACCEPTED into unstable
Next by Date: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Previous by thread: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Next by thread: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Index(es):
- Date
- Thread