Replace binfmt_misc with Apache handlers

[andersk]

Our AFS patch currently marks every file as executable. This was done to allow the binfmt_misc hack to work for Perl, PHP, Python, and Mono scripts. Previously binfmt_misc was also used for static content, until it became clear that this opens an exploitable security problem with MediaWiki? uploads.

We should be able to completely replace the binfmt_misc hack with a solution based on Apache handlers.

• I suspect Perl and Python don’t need special handlers at all (since Perl and Python programmers expect to need shebang lines), although we may need some kind of transition period to check whether users are relying on the executable bit.
• We can wrap PHP in a handler that performs extra security checks, such as that the extension really is .php. This handler could later grow into the FastCGI PHP proxy pony. It could also solve #2.
• Static content should also become a handler, so that users can add their own static extensions.
• As for Mono, well, what the fuck. (Maybe keep binfmt_misc but require explicit executable bits for that.)

The hardest problem is how to get these Apache handlers to run with the correct uid. My last proposal was a FUSE filesystem that I have prototyped at /mit/andersk/Public/scripts/scriptswrapfs.c, but I’d be interested in better ideas.

[quentin]

We no longer automatically set +x on files. We still support binfmt_misc. I am downgrading the severity of this bug.