This is the last call for comments for the review of debconf templates for haserl. The reviewed templates will be sent on Saturday, July 30, 2011 to the package maintainer as a bug report and a mail will be sent to this list with "[BTS]" as a subject tag. --
Template: haserl/setuid Type: boolean Default: false _Description: Install haserl binary with suid root permissions? When haserl is installed with suid root permissions, it will automatically set its UID and GID to match the owner and group of the script. . This is a potential security vulnerability, as scripts that are owned by root will be run as root, even when they do not have the suid root bit.
Source: haserl Section: interpreters Priority: optional Maintainer: Chow Loong Jin <hyperair@ubuntu.com> Build-Depends: debhelper (>= 7.0.50~), po-debconf, autotools-dev, liblua5.1-0-dev, pkg-config Standards-Version: 3.9.1 Homepage: http://haserl.sourceforge.net/ Vcs-Git: git://git.debian.org/collab-maint/haserl.git Vcs-Browser: http://git.debian.org/?p=collab-maint/haserl.git;a=summary Package: haserl Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: lua5.1 Description: CGI scripting program for embedded environments Haserl is a CGI wrapper that allows PHP-style programming in Lua or a POSIX-compliant shell. It is very small, so it can be used in embedded environments, or where something like PHP is too big. . It combines three features into a small CGI engine: * It parses POST and GET requests, placing form-elements into the environment as name=value pairs for the CGI script to use. This is somewhat similar to the uncgi wrapper. * It opens a shell, and translates all text into printable statements. All text within <% ... %> constructs is passed verbatim to the shell. This is somewhat similar to how PHP scripts are parsed. * It can be set up to drop its permissions to the owner of the script, giving it some of the security features of suexec or cgiwrapper.
Attachment:
signature.asc
Description: Digital signature