Comment on the article Socket permissions in PHP-FPM by Jakub L - php5 (5.4.4-14+deb7u9) stable; urgency=medium * The default PHP FPM...

  • 2. 6. 2014 21:32

    Jakub L (unregistered)

    php5 (5.4.4-14+deb7u9) stable; urgency=medium

    * The default PHP FPM socket permission has been changed from 0666
    to 0660 to mitigate security vulnerability (CVE-2014-0185) in PHP
    FPM that allowed any local user to run a PHP code under the active
    user of FPM process via crafted FastCGI client.

    The default Debian setup now correctly sets the listen.owner and
    listen.group to www-data:www-data in default php-fpm.conf. If you
    have more FPM instances or a webserver not running under www-data
    user you need to adjust the configuration of FPM pools in
    /etc/php5/fpm/pool.d/ so the accessing process has rights to
    access the socket.

    -- Ondřej Surý Mon, 12 May 2014 14:23:05 +0200
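
An added example, not part of the comment above or of the Debian package: a Python audit of FPM pool definitions for the two conditions the changelog describes, a socket any local user can connect to and a socket the web server account cannot reach. The function name, sample pools and socket paths are constructed; `default_mode` assumes the patched default of 0660 stated in the changelog.

```python
import configparser

# Constructed sample pool definitions (not from the original post).
SAMPLE = """
[www]
listen = /var/run/php5-fpm.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

[legacy]
listen = /var/run/php5-fpm-legacy.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0666

[app2]
; no listen.owner / listen.group / listen.mode set
listen = /var/run/php5-fpm-app2.sock

[api]
listen = 127.0.0.1:9000
"""

def audit_pools(conf_text, web_user="www-data", web_group="www-data", default_mode=0o660):
    """Return {pool: [findings]} for every pool that listens on a Unix socket."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   comment_prefixes=(";", "#"))
    cp.read_string(conf_text)
    report = {}
    for pool in cp.sections():
        opts = cp[pool]
        if not opts.get("listen", "").startswith("/"):
            continue  # TCP listener: socket file permissions do not apply
        mode = int(opts["listen.mode"], 8) if "listen.mode" in opts else default_mode
        findings = []
        if mode & 0o002:
            findings.append("mode %04o is world-writable: any local user can connect" % mode)
        # Simplification: only the configured owner/group are compared, not
        # supplementary group memberships of the web server account.
        owner_ok = opts.get("listen.owner") == web_user and mode & 0o200
        group_ok = opts.get("listen.group") == web_group and mode & 0o020
        if not (mode & 0o002 or owner_ok or group_ok):
            findings.append("%s:%s cannot connect with mode %04o; set listen.owner/listen.group"
                            % (web_user, web_group, mode))
        report[pool] = findings
    return report

if __name__ == "__main__":
    for pool, findings in audit_pools(SAMPLE).items():
        print(pool, findings or "ok")
```

Pass `default_mode=0o666` to see how a pool with no explicit `listen.mode` is rated on a package that predates the change.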