Re: [suPHP] building suphp 0.6.2 on RHEL 3 ES

2006-11-26 Thread Sebastian Marsching
Hi, Bastiaan van der Put wrote: > Building suphp 0.6.2 doesn't build on RHEL 3.0 ES because it requires > Autoconf version 2.58 or higher ?? You should be able to build suPHP with an older version of GNU autoconf. Perhaps this is a runtime dependency caused by the fact that the configure script

Re: [suPHP] suPHP not interpreting PHP files

2007-01-21 Thread Sebastian Marsching
Cian Davis wrote: > Also, the extension change method would cause large problems for those > wanting to run PHP applications. They would have to change all the > file names and all references. We run too many websites to do this for > the users. Since the default would be to run with mod_php, it

Re: [suPHP] MAKE PROBLEM

2007-02-10 Thread Sebastian Marsching
Hi, Alexandre Busquets Triola wrote: > I try to install suphp with apache 2.2.4 and I have this error > > > hola:/usr/src/suphp-0.6.2# > ./configure --prefix=/usr/local/suphp2 --with-min-uid=1000 > --with-min-gid=1000 > --with-logfile=/usr/local/apache2/suphp.log --no-create --no-recursion

Re: [suPHP] Security Bug in suPHP

2007-02-19 Thread Sebastian Marsching
Hi, vermi wrote: > There is a big security problem in suPHP. When activated, suPHP gives to php > the .php.jpg files. A hacker can upload a php renamed to .php.jpg in an image > upload form and have all access to the site :/ > The bug is not present when suPHP is loaded into memory and deactiva

Re: [suPHP] Security Bug in suPHP

2007-02-19 Thread Sebastian Marsching
Hi Sven, crandler wrote: > On apache 1.3 / suPHP 0.6.2 > > Working: > suPHP_Engine on > suPHP_AddHandler x-httpd-php > AddHandler x-httpd-php .php > > Non-Working: > suPHP_Engine on > suPHP_AddHandler x-httpd-php > AddType x-httpd-php .php > > Non-Working: > suPHP_Engine on >

Re: [suPHP] Security Bug in suPHP

2007-02-19 Thread Sebastian Marsching
Hi, Sebastian Marsching wrote: While Apache 2.0 sets the r->handler attribute to the MIME type (at least if there is no handler explicitly set), Apache 1.3 doesn't do this. I will investigate this issue further and check how this problem can be solved for Apache 1.3. I fixed

Re: [suPHP] persistent php processes

2007-03-18 Thread Sebastian Marsching
Pierre Henry Perret wrote: > I have noticed a problem of persistence in php and httpd processes, > like if processes were accumulated as more and more users make requests, > until I have to restart the apache daemon. > > I have tuned the config to serve more and more requests but it seems I

Re: [suPHP] Error: Script "/home/bwb/public_html/index.php" resolving to "/home/bwb/public_html/index.php" not within configured docroot

2007-04-23 Thread Sebastian Marsching
Hi James, James Davis wrote: > [Mon Apr 23 20:13:07 2007] [warn] Script > "/home/bwb/public_html/index.php" resolving to > "/home/bwb/public_html/index.php" not within configured docroot This message is referring to the global "docroot" setting in /etc/suphp.conf (or wherever the configurati

Re: [suPHP] installation problems

2007-04-27 Thread Sebastian Marsching
Hi Michael, > From: "Michael Grant" <[EMAIL PROTECTED]> > > > Premature end of script headers: index.php > > Ahh, ok, I hadn't expected there would be a separate CGI versus CLI > executable. The php-cgi executable is not the same as php! > > Could suphp have spotted this and put an error in the

Re: [suPHP] Plans for suPHP

2007-06-02 Thread Sebastian Marsching
Hi, Martynas wrote: > Do you have any plans for the next releases of suPHP? Any date set for the > next release of it? At the moment there is no roadmap for suPHP because the development of suPHP strongly depends on my spare time. However, I can tell you which features are already present in

Re: [suPHP] Only determine UID dynamically and use a fixed GID

2007-06-02 Thread Sebastian Marsching
Peter Thomassen wrote: > Peter Thomassen wrote: >> Is it possible to force script execution to some specified group (which is >> not the group the file belongs to), but to still use the UID of the file >> owner? > > As nobody answers, I think there isn't such an option. Where should feature > re

Re: [suPHP] nfs root squash problem

2007-12-17 Thread Sebastian Marsching
Hi Drew, Drew A. Withers wrote: >> That said, I have a similar "squash" in effect on my end. Accesses by >> root on the NFS client map to UID -1 on the server -- so as long as all >> the files involved are world-readable (as they should be) you should be >> fine (as I'm currently looking thr

Re: [suPHP] is it possible to disable paranoid mode on 1 directory?

2007-12-17 Thread Sebastian Marsching
Hi Jeff, Jeff Donchez wrote: > I have a script that I'm writing that's centralized on the server and > is allowed to be executed by any domain on the server.. but suPHP > doesn't like the fact that it is configured that way, it errors out > when trying to run it because it's not owned by the

Re: [suPHP] is it possible to disable paranoid mode on 1 directory?

2007-12-17 Thread Sebastian Marsching
Sebastian Marsching wrote: However, if - even considering all the potential security issues - you still want to patch suPHP to implement this behavior, you might be interested in the attached patch. Ooops, I forgot to attach the patch. Here it is... applied_suphp_paranoid_checks.patch

Re: [suPHP] suphp and Return_path + safe_mode repercussion

2008-03-08 Thread Sebastian Marsching
Hi, On 07.03.2008 at 08:28, Alessandro De Zorzi wrote: safe_mode do not have only file access restriction features (where suphp with system setting is a good solution) for example, suppose a user change memory_limit setting this is not possible with safe_mode=On With the Suhosin (http://

[suPHP] SECURITY ISSUE: Immediate update advised

2008-03-30 Thread Sebastian Marsching
Hi, suPHP version 0.6.3 has just been released and can be downloaded from http://www.suphp.org/Download.html. It fixes two security vulnerabilities concerning symlinks. Immediate update is strongly advised. The first vulnerability was reported by different persons (thanks to everyone): When t

[suPHP] New features & some more details

2008-03-31 Thread Sebastian Marsching
Hi, yesterday I finished the features I was working on during the last months and committed them. Now the following new features are present in the current development version: - Fixed "underquoted definition" warning in acinclude.m4 - mod_suphp (Apache 1.3) checks explicitly for r->content_typ

Re: [suPHP] Best configuration for virtual users

2008-03-31 Thread Sebastian Marsching
Hi Jorge, Jorge Bastos wrote: > Any idea what can I do here Sebastian? I have not tested it, but basically suPHP should also work if there is only a UID and GID. To use a numeric UID / GID in the Apache configuration write suPHP_UserGroup #100 #200 for UID 100 and GID 200 in this example.

Re: [suPHP] 0.6.3 issue with virtual hosts

2008-04-25 Thread Sebastian Marsching
Hi, Brock Noland wrote: On Fri, Apr 25, 2008 at 1:21 AM, John Lightsey <[EMAIL PROTECTED]> wrote: If you really want to do something like this it would be best to change isSuperUser() to just accept these other accounts that are allowed to own the parent directories as if they were root.

Re: [suPHP] suPHP Zombies

2008-05-06 Thread Sebastian Marsching
Hi, mod_suphp is using apr_prc_create(...) to fork a subprocess that runs the suphp binary. Unfortunately the APR API docs are unclear regarding the wait(...) issue. There is an apr_proc_wait(...) function, however usually, wait() is called from within the handler handling the SIGCHLD signal

Re: [suPHP] MPM: Worker or Prefork ?

2008-07-25 Thread Sebastian Marsching
Hi, Jeremy Chadwick wrote: This is more of a question for Sebastian (the author) than the rest of us, though mailing the list is indeed the right thing to do. I'm under the impression that Sebastian doesn't test suPHP on systems using a threaded MPM, but tests it under systems using the prefo

Re: [suPHP] SuPHP recursive forking

2008-09-25 Thread Sebastian Marsching
Hi, J.D. Tysko wrote: > We have a PHP application which needs to exec off another PHP process. > The problem is, is that when we use a command with "php" in it, > recursive forking is started. When PHP is called and the CGI specific environment variables (like PATH_INFO, PATH_TRANSLATED, etc

Re: [suPHP] suphp force mode on apache 1.3

2008-09-25 Thread Sebastian Marsching
Hi, Jeremy Chadwick wrote: > I believe "force" mode is supported on Apache 1.3.x and 2.x both, and > the documentation is simply outdated. I've looked at the source code > and I see no reason why force and paranoid shouldn't work under 1.3. You are right, the documentation is just outdated re

[suPHP] suPHP 0.7.0 released

2008-12-25 Thread Sebastian Marsching
Hi, as a Christmas present for the suPHP community, I just released suPHP 0.7.0. After this version has been running on one of my production servers for more than half a year, I regard it as stable enough to release it to the public. This release brings some features that have been on the wish

Re: [suPHP] suPHP 0.7.0 released

2008-12-26 Thread Sebastian Marsching
Dan Mahoney, System Admin wrote: ..I sent an email in to the mailing list about this a month ago, stating that it was basically possible since the major blocking issue was that the cgi versions of the php binary didn't do source highlighting (and now apparently do). Got no response from any

Re: [suPHP] suPHP 0.7.0 released

2008-12-26 Thread Sebastian Marsching
Jorge Bastos wrote: Does this new version allows the broken functionality of using numeric userid's and groupid's to work? I never had success on configuring suPHP because of this, no system users on my machine. I just tested it on my machine and it worked (in paranoid mode). Let's say you

[suPHP] suPHP 0.7.1 released

2009-03-14 Thread Sebastian Marsching
Hello, suPHP 0.7.1 was just released. This release fixes the bug concerning symbol links which was introduced with the 0.7.0 release. Thanks to everyone who reported this bug. As several people pointed out correctly, an exclamation mark was missing preceding "directory.isSymlink()" - this was

Re: [suPHP] conflicting documentation since 0.7.0

2009-03-29 Thread Sebastian Marsching
Hi Thomas, thanks for reporting these corrections. I changed the documentation accordingly. Regards, Sebastian

Re: [suPHP] SUPHP bug in large files

2009-03-29 Thread Sebastian Marsching
Hi Sherin, she...@initexperts.com wrote: > I have recently noticed Suphp will not support large log files. If we > use apache 2.2.11 with suphp 0.6.3 and the suphp_log go over 2 GB it > will show 500 internal server error. So it seems to be suphp is not > supporting more than 2 GB log files w

Re: [suPHP] BUG: function for "force" mode not compiled

2009-03-29 Thread Sebastian Marsching
Hi Yann, Yann Stettler wrote: > When compiling with the "force" mode (at least for apache 1.3.x), > "SUPHP_USE_USERGROUP" isn't correctly defined. So most of the functions > aren't correctly compiled. (Ie. suPHP_UserGroup directive won't be > recognized by Apache) I had a look at the source file a