[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#115312: PROPOSAL make cgi-bin applications non-executable by default.

Package: debian-policy
Severity: wishlist

First attempt at changing policy, so if you have a suggestion, feel

--- policy.sgml	Thu Oct 11 14:20:37 2001
+++ policy-cgi.sgml	Thu Oct 11 14:31:26 2001
@@ -6471,11 +6471,20 @@
-		Cgi-bin executable files are installed in the
+Cgi-bin executable files
+	must be installed non-executable (e.g. mode 0644) by default.
+	The package may ask the user via debconf or similar means to enable the
+	applications, and do so if indicated. The answer may be stored for future
+ 	use. The maintainer may opt to print a notification that the user should
+ 	manually enable the cgi files. The package should present a brief notice
+	of the security risks of cgi applications.
+Cgi-bin files are installed in the		
 		<example compact="compact">
 		and should be referred to as
 		<example compact="compact">

Unix Staff, High Energy Physics Group   <brusso@phys.hawaii.edu>
Debian/GNU Linux! http://www.debian.org <wolfie@debian.org>

Reply to: