id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
60	Replace binfmt_misc with Apache handlers	andersk		"Our AFS patch currently marks every file as executable.  This was done to allow the binfmt_misc hack to work for Perl, PHP, Python, and Mono scripts.  Previously binfmt_misc was also used for static content, until it became clear that this opens an exploitable security problem with MediaWiki uploads.

We should be able to completely replace the binfmt_misc hack with a solution based on Apache handlers.
 * I suspect Perl and Python don’t need special handlers at all (since Perl and Python programmers expect to need shebang lines), although we may need some kind of transition period to check whether users are relying on the executable bit.
 * We can wrap PHP in a handler that performs extra security checks, such as that the extension really is .php.  This handler could later grow into the FastCGI PHP proxy pony.  It could also solve #2.
 * Static content should also become a handler, so that users can add their own static extensions.
 * As for Mono, well, what the fuck.  (Maybe keep binfmt_misc but require explicit executable bits for that.)

The hardest problem is how to get these Apache handlers to run with the correct uid.  My last proposal was a FUSE filesystem that I have prototyped at /mit/andersk/Public/scripts/scriptswrapfs.c, but I’d be interested in better ideas."	enhancement	new	minor		web