Bug#115312: PROPOSAL make cgi-bin applications non-executable by default.
First attempt at changing policy, so if you have a suggestion, feel
--- policy.sgml Thu Oct 11 14:20:37 2001
+++ policy-cgi.sgml Thu Oct 11 14:31:26 2001
@@ -6471,11 +6471,20 @@
- Cgi-bin executable files are installed in the
+Cgi-bin executable files
+ must be installed non-executable (e.g. mode 0644) by default.
+ The package may ask the user via debconf or similar means to enable the
+ applications, and do so if indicated. The answer may be stored for future
+ use. The maintainer may opt to print a notification that the user should
+ manually enable the cgi files. The package should present a brief notice
+ of the security risks of cgi applications.
+Cgi-bin files are installed in the
and should be referred to as
Unix Staff, High Energy Physics Group <firstname.lastname@example.org>
Debian/GNU Linux! http://www.debian.org <email@example.com>