Bug 192925 - lang/php5: php-fpm.conf: socket ownership / missing UPDATING notice
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Alex Dupre
Reported: 2014-08-22 18:06 UTC by Christian Schwarz
Modified: 2017-03-07 11:52 UTC
Description Christian Schwarz 2014-08-22 18:06:40 UTC
Recently, the following bug was found in php / php-fpm:

https://bugs.php.net/bug.php?id=67060 (PHP CVE 2014-0185)

This affects the php-fpm.conf: To avoid privilege escalation, php-fpm now creates sockets with more restricted permissions. The downside: You have to specify the webserver to be the owner of the socket for the pool.

listen.owner = <socket unix owner>
listen.group = <socket unix group>

If the sockets cannot be accessed by the webserver due to insufficient privileges, you have a Bad Gateway.

I would like to see this be part of the /usr/ports/UPDATING notice.
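
The ownership problem described in the report above can be checked directly on a running system. The following is an added example, not part of the original report or of php-fpm itself; the function names, the demo socket and the uid/gid values are assumptions made for illustration, and the web server worker is assumed to be unprivileged (not uid 0).

```python
import os
import socket
import stat
import tempfile


def audit_fpm_socket(path, web_uid, web_gids):
    """Return (reachable, findings) for a php-fpm listen socket.

    web_uid / web_gids are the uid and group ids the web server worker
    runs with (hypothetical inputs supplied by the caller).
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return False, ["not a unix socket"]
    mode = stat.S_IMODE(st.st_mode)
    # connect() on a unix socket needs write permission on the socket file;
    # the kernel checks exactly one class: owner, else group, else other.
    if st.st_uid == web_uid:
        reachable = bool(mode & stat.S_IWUSR)
    elif st.st_gid in web_gids:
        reachable = bool(mode & stat.S_IWGRP)
    else:
        reachable = bool(mode & stat.S_IWOTH)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can talk to the pool")
    if not reachable:
        findings.append("web server cannot connect, expect 502 Bad Gateway: "
                        "set listen.owner / listen.group for this pool")
    return reachable, findings


def make_demo_socket(mode):
    """Constructed sample: bind a throwaway unix socket and chmod it."""
    path = os.path.join(tempfile.mkdtemp(), "php-fpm.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    return srv, path


if __name__ == "__main__":
    srv, path = make_demo_socket(0o660)
    st = os.stat(path)
    # Web user unrelated to the socket owner and group: the Bad Gateway case.
    print(audit_fpm_socket(path, st.st_uid + 1, {st.st_gid + 1}))
    # Web user that is a member of the socket's group: reachable.
    print(audit_fpm_socket(path, st.st_uid + 1, {st.st_gid}))
    srv.close()
```
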
Comment 1 John Marino freebsd_committer freebsd_triage 2014-08-22 19:46:08 UTC
What port does this belong to?

Searching freshports for "php-fpm" doesn't yield results.
Comment 2 Christian Schwarz 2014-08-22 19:47:29 UTC
I think php-fpm is part of the lang/php5 port, which is currently PHP version 5.4.x

(In reply to John Marino from comment #1)
> What port does this belong to?
> 
> Searching freshports for "php-fpm" doesn't yield results.
Comment 3 John Marino freebsd_committer freebsd_triage 2014-08-22 19:49:41 UTC
Over to php5 maintainer.
Comment 4 Torsten Zuehlsdorff freebsd_committer freebsd_triage 2017-03-07 11:52:38 UTC
Close this very old ticket.

The php-fpm configuration was overhauled multiple times in the last 2 years. And the port lang/php5 no longer exists.

As far as I can see the problem has vanished :)