Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: debian-apache@lists.debian.org, 674089@bugs.debian.org, pkg-php-maint@lists.alioth.debian.org
Subject: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
From: Stefan Fritsch <sf@debian.org>
Date: Thu, 16 Aug 2012 00:24:12 +0200
Message-id: <[🔎] 201208160024.12663.sf@debian.org>
In-reply-to: <[🔎] 1345062303.3407.72.camel@fermat.scientia.net>
References: <201206011616.15374.sf@debian.org> <[🔎] 201208152107.01967.sf@debian.org> <[🔎] 1345062303.3407.72.camel@fermat.scientia.net>

On Wednesday 15 August 2012, Christoph Anton Mitterer wrote:
> On Wed, 2012-08-15 at 21:07 +0200, Stefan Fritsch wrote:
> > Since we have gone to great pains to not use the magic MIME types
> > anymore, I think we should not recommend them here. Or at least
> > not as the first option.
> 
> Stefan, can you please elaborate on what you mean with magic MIME
> types? (you're talking about MIME type discovery via libmagic or
> similar? That would be not what's suggested above!)

The mime types that are also handler names and cause mod_php to 
execute scripts, i.e. application/x-httpd-php and application/x-httpd-
php-source. Using these as mime types is dangerous because they may 
also cause things named like foo.php.bar to be executed.

Reply to:

Follow-Ups:
- Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
  - From: Stefan Fritsch <sf@debian.org>
- Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Next by Date: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Previous by thread: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Next by thread: Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Index(es):
- Date
- Thread