On Sun, 24 Jun 2012, Joe Gillotti wrote:
1) With suPHP, it generally isn't possible for a malicious script to harm anything aside from what the user who's running the script can access. You shouldn't need to worry about trusting it at that point.
Not trust. Truss. FreeBSD's equivalent of strace. I.e. figure out which files are being opened/stat'd, which filehandles are being touched, where session files are failing to be written, etc etc. (Because PHP has crap-all for debugging support).
In order to be able to do that, I need to be able to call the "suphp" binary just as mod_suphp would, and supply the same environment the webserver would.
2) WordPress is quirky. Maybe it's an issue with a custom theme, or how it detects how to encode the content to the web browser based on the Accept or UserAgent headers which are nonexistent when ran from the command line.
Entirely likely, and it worked, but I'm looking for the system-level diagnostic, rather than the application-level fix, if that makes sense.
Ah well. -Dan -- "I'll commit ritual suicide before I whore myself out to Disney." --Emi Bryant April 26, 2004 On the animation industry --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --------------------------- _______________________________________________ suPHP mailing list [email protected] https://lists.marsching.com/mailman/listinfo/suphp
