← Back to branch summary

~ubuntu-branches/ubuntu/vivid/lighttpd/vivid-proposed

« back to all changes in this revision

Viewing changes to debian/conf-available/15-fastcgi-php.conf

  • Committer: Package Import Robot
  • Author(s): Lorenzo De Liso
  • Date: 2013-03-25 11:55:53 UTC
  • Revision ID: package-import@ubuntu.com-20130325115553-02d1auxrzl4fvcs2
Tags: 1.4.31-3ubuntu2
* Import change from debian version 1.4.31-4:
  - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp 
    is world-writable which may cause security implications if an attacker
    manages to control /tmp/php.socket before the web server (re-)starts.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/conf-available/15-fastcgi-php.conf
6
6
fastcgi.server += ( ".php" => 
7
7
        ((
8
8
                "bin-path" => "/usr/bin/php-cgi",
9
 
                "socket" => "/tmp/php.socket",
 
9
                "socket" => "/var/run/lighttpd/php.socket",
10
10
                "max-procs" => 1,
11
11
                "bin-environment" => ( 
12
12
                        "PHP_FCGI_CHILDREN" => "4",