Hey. I would like to see the following with respect to PHP and all packages using PHP: 1) We should try to educate users not to use mod_php. From a security POV it's rather problematic, as it runs in server context. And for people really needing the performance, FPM should be an equally good solution. There are other issues with mod_php, like not being able to use all MPMs. 2) Because of (1) other packages should no longer assume mod_php is in place... they should provide support for all the SAPIs (as far as this is possible). 3) Especially packages should no longer automatically set things up for mod_php. IMHO it's (security wise) generally a bad idea to have such stuff enabled out of the box by just installing a package. A solution could be, that packages use debconf, and allow the user to either set up nothing automagically,... or let the user choose between a SAPI / webserver combination. This would also allow packages, to provide out of the box support for privilege separation, which could then in turn be used to do e.g. clean and secure authentication against local databases (wich are often used in that context). 4) One might further try to harden the default php.ini much more... and debian packages using PHP could ship their additions, which then allow things that are required. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature