On Thu, 2012-08-16 at 00:24 +0200, Stefan Fritsch wrote: > > Stefan, can you please elaborate on what you mean with magic MIME > > types? (you're talking about MIME type discovery via libmagic or > > similar? That would be not what's suggested above!) > > The mime types that are also handler names and cause mod_php to > execute scripts, i.e. application/x-httpd-php and application/x-httpd- > php-source. Using these as mime types is dangerous because they may > also cause things named like foo.php.bar to be executed.
Well the same is (IIRC) the case when you use handlers? No? Anyway,... the configuration snippets I proposed in #674205 are _NOT_ vulnerable to the issue you describe, even though using AddType. btw: I've emphasised this several times already,... Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature