
Bug#115312: PROPOSAL make cgi-bin applications non-executable by default.



On Thu, Oct 11, 2001 at 02:35:07PM -1000, Brian Russo wrote:
> +Cgi-bin executable files
> +	must be installed non-executable (e.g. mode 0644) by default.
> +	The package may ask the user via debconf or similar means to enable the
> +	applications, and do so if indicated. The answer may be stored for future
> + 	use. The maintainer may opt to print a notification that the user should
> + 	manually enable the cgi files. The package should present a brief notice
> +	of the security risks of cgi applications.
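
Review bot: "The answer may be stored for future use" leaves upgrade behaviour unspecified. With the files required to be installed at mode 0644 by default, the text does not say whether the administrator's choice is reapplied when the package is upgraded. Suggest making this a requirement, for example "The answer must be stored and reapplied on upgrade". The paragraph also mixes "must", "may" and "should" without saying whether the security notice is still expected when the maintainer only prints a notification instead of asking via debconf. The two lines beginning "use." and "manually" have a space before the tab, unlike the other added lines.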

This is daft. Packages should be functional as soon as they're installed, not
be fundamentally broken and require administrator action. Permissions aren't
maintained over upgrades, so this will result in further breakage. And CGI
applications with security issues shouldn't be packaged.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 "Security here. Yes, maam. Yes. Groucho glasses. Yes, we're on it.
   C'mon, guys. Somebody gave an aardvark a nose-cut: somebody who
    can't deal with deconstructionist humor. Code Blue."
		-- Mike Hoye,
		      see http://azure.humbug.org.au/~aj/armadillos.txt



