[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#115312: PROPOSAL make cgi-bin applications non-executable by default.

Package: debian-policy
Severity: wishlist
Version: 3.5.6.0

First attempt at changing policy, so if you have a suggestion, feel
free.

--- policy.sgml	Thu Oct 11 14:20:37 2001
+++ policy-cgi.sgml	Thu Oct 11 14:31:26 2001
@@ -6471,11 +6471,20 @@
 	  <enumlist>
 	    <item>
 	      <p>
-		Cgi-bin executable files are installed in the
+Cgi-bin executable files
+	must be installed non-executable (e.g. mode 0644) by default.
+	The package may ask the user via debconf or similar means to enable the
+	applications, and do so if indicated. The answer may be stored for future
+ 	use. The maintainer may opt to print a notification that the user should
+ 	manually enable the cgi files. The package should present a brief notice
+	of the security risks of cgi applications.
+
+Cgi-bin files are installed in the		
 		directory
 		<example compact="compact">
 /usr/lib/cgi-bin/<var>cgi-bin-name</var>
 		</example>
 		and should be referred to as
 		<example compact="compact">
 http://localhost/cgi-bin/<var>cgi-bin-name</var>

-- 
Unix Staff, High Energy Physics Group   <brusso@phys.hawaii.edu>
Debian/GNU Linux! http://www.debian.org <wolfie@debian.org>
Reply to: