Fcgi starter script is editable by client
short description
A client may modify his own fcgi starter script in /var/www/php-fcgi*/web and add shell commands resulting in the commands being executed as www-data
correct behaviour
What should happen instead?
This should not be possible
environment
Deb Jessie w/ apache2
All others untestes