Pekka Jalonen | 15 Feb 2011 00:19

suPHP in Debian (lenny / squeeze)

Hello,

Is this a bug or a feature in suPHP?

I am running suPHP in Debian (lenny and squeeze).

In lenny I can run the following PHP without problems (version 0.6.2-3):
" system('id'); "

It prints out in the browser without problems:
" uid=1000(peja) gid=100(users) groups=100(users) "

But in squeeze (version 0.7.1-1)

" system('id'); " is not working (blank browser page) and I have to
change it to the following:

" system('/usr/bin/id'); "

Yes, there is also this in suphp.conf:

;PATH environment variable
env_path=/bin:/usr/bin

When I change it and restart Apache, there is no effect.

Well, is there a problem in the php/suphp conf, or where?

Thanks,

Pekka Jalonen | 16 Feb 2011 22:12

Re: suPHP in Debian (lenny / squeeze)

Hello,

> ;PATH environment variable
> env_path=/bin:/usr/bin

... in Debian squeeze (6.0) it must be
env_path=/bin\:/usr/bin

Then it works on Debian squeeze (6.0).

Thanks.

Regards,

-- 
Pekka Jalonen | http://www.iki.fi/pekka.jalonen | http://jalonen.net
"Sometimes the truth hurts. And sometimes it feels real good."
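
As an added example (not part of any message in this thread), the following Python sketch flags an env_path value in suphp.conf whose colons are not backslash-escaped, which is the form reported above as no longer working on squeeze. It assumes a backslash escapes the next character, as the working env_path=/bin\:/usr/bin line suggests; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the env_path line as posted for lenny (0.6.2-3),
# which stopped working on squeeze (0.7.1-1).
SAMPLE_CONF = """\
[global]
;PATH environment variable
env_path=/bin:/usr/bin
"""

def unescaped_colons(value):
    """Return offsets of ':' characters not preceded by an escaping backslash."""
    hits, i = [], 0
    while i < len(value):
        if value[i] == "\\":       # assumption: backslash escapes the next char
            i += 2
            continue
        if value[i] == ":":
            hits.append(i)
        i += 1
    return hits

def escape_colons(value):
    """Escape only the colons that are not already escaped."""
    hits = set(unescaped_colons(value))
    return "".join("\\:" if i in hits else c for i, c in enumerate(value))

def lint_env_path(conf_text):
    """Return (line_number, current_value, suggested_value) per bad env_path."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):    # ';' starts a comment
            continue
        m = re.match(r"env_path\s*=\s*(.*)$", stripped)
        if not m or m.group(1).startswith('"'):
            continue            # quoted values are not covered by this thread
        value = m.group(1)
        if unescaped_colons(value):
            findings.append((n, value, escape_colons(value)))
    return findings

if __name__ == "__main__":
    for n, cur, fix in lint_env_path(SAMPLE_CONF):
        print(f"line {n}: env_path={cur} -> env_path={fix}")
```
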

Sebestyén Dénes | 18 Feb 2011 12:17

suPHP vs. Squeeze

Hi

I had a problem with suPHP after upgrading to Squeeze. I managed to 
solve the problem, maybe I can help someone.

After the upgrade the suPHP-ed sites on my server wrote 
permission-related error messages.
I found that no suPHP logs were created after the upgrade, so I 
started to find the answer why.

Solution:
In the previous versions, the php5.conf apache configuration file had 
something like this:
     AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml

After the upgrade, it changed to this:
<FilesMatch "\.ph(p3?|tml)$">
     SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
     SetHandler application/x-httpd-php-source
</FilesMatch>

This overrode the "AddType application/x-httpd-suphp .php" in the 
suphp.conf, that's why suphp never started.

So after all I removed the new lines, and added the old one again, to 
look like this:
# <FilesMatch "\.ph(p3?|tml)$">
#    SetHandler application/x-httpd-php

Michelle Konzack | 20 Feb 2011 18:41

Re: suPHP vs. Squeeze

Hello Sebestyén Dénes,

On 2011-02-18 12:17:53, you hacked down the following:
> Solution:
> In the previous versions, the php5.conf apache configuration file
> had something like this:
>     AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
> 
> After the upgrade. it changed to this:
> <FilesMatch "\.ph(p3?|tml)$">
>     SetHandler application/x-httpd-php
> </FilesMatch>
> <FilesMatch "\.phps$">
>     SetHandler application/x-httpd-php-source
> </FilesMatch>

This is not a bug in Squeeze but also in Lenny, which I have reported to the
BTS a long time ago!

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems <at> tdnet France EURL       itsystems <at> tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)

Daniel Llewellyn | 20 Feb 2011 19:32

Re: suPHP vs. Squeeze

On 20 Feb 2011, at 17:41, Michelle Konzack wrote:

> Hello Sebestyén Dénes,
> 
> On 2011-02-18 12:17:53, you hacked down the following:
>> Solution:
>> In the previous versions, the php5.conf apache configuration file
>> had something like this:
>>    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
>> 
>> After the upgrade. it changed to this:
>> <FilesMatch "\.ph(p3?|tml)$">
>>    SetHandler application/x-httpd-php
>> </FilesMatch>
>> <FilesMatch "\.phps$">
>>    SetHandler application/x-httpd-php-source
>> </FilesMatch>
> 
> This not a Bug in Squeeze but also in Lenny which I have reported to the
> BTS long time ago!

That's not a bug at all. You can't expect to run the mod_php5 plugin and mod_suphp at the same time. The former
is what is configured by the file /etc/apache2/mods-available/php5.conf. Disable that config file and
enable the suphp one (if it isn't already) and Bob will be your proverbial uncle.

Regards,
	The Honeymonster aka Daniel Llewellyn - diddledan@...
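
As an added example (not part of any message in this thread), the following Python sketch models the handler conflict discussed above: it reads Apache directives and reports which handler would be picked for a file name. It is a simplified model that assumes all directives sit in one server-wide scope and that a SetHandler inside a matching FilesMatch section wins over AddType/AddHandler mappings; the function name and both sample configurations are constructed from the directives quoted in the thread.

```python
import re

# Constructed sample: the squeeze php5.conf block quoted in the thread plus
# the AddType line from suphp.conf.
SQUEEZE_CONF = r'''
<FilesMatch "\.ph(p3?|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
    SetHandler application/x-httpd-php-source
</FilesMatch>
AddType application/x-httpd-suphp .php
'''

# Constructed sample: php5.conf disabled, only the suPHP mapping is left.
SUPHP_ONLY_CONF = "AddType application/x-httpd-suphp .php\n"

def effective_handler(conf_text, filename):
    """Return (handler, directive) chosen for filename under the model above."""
    forced = mapped = None
    section = None                        # compiled regex of the open <FilesMatch>
    file_exts = set(filename.lower().split(".")[1:])
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):     # commented-out lines are inert
            continue
        m = re.match(r'<FilesMatch\s+"?(.+?)"?\s*>$', line, re.I)
        if m:
            section = re.compile(m.group(1))
        elif line.lower() == "</filesmatch>":
            section = None
        elif line.lower().startswith("sethandler ") and section:
            if section.search(filename):
                forced = (line.split()[1], "SetHandler")
        elif re.match(r"(AddType|AddHandler)\s", line, re.I) and section is None:
            name, handler, *exts = line.split()
            if any(e.lstrip(".").lower() in file_exts for e in exts):
                mapped = (handler, name)
    return forced or mapped or (None, None)

if __name__ == "__main__":
    for label, conf in (("squeeze", SQUEEZE_CONF), ("suphp only", SUPHP_ONLY_CONF)):
        print(label, effective_handler(conf, "index.php"))
```
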

Michelle Konzack | 21 Feb 2011 13:40

Re: suPHP vs. Squeeze

Hello Daniel Llewellyn,

On 2011-02-20 18:32:25, you hacked down the following:
> That's not a bug at all. You can't expect to run the mod_php5 plugin
> and mod_suphp at the same time. The former is what is configured by
> the file /etc/apache2/mods-available/php5.conf. disable that config
> file and enable the suphp one (if it isn't already) and bob will be
> your proverbial uncle.

This would enable suPHP for the whole machine with all VHosts, which is
not desirable. Also, under Debian you cannot configure "suPHP_UserGroup".

Imagine, on my system I removed the original php5.conf entries a long
time ago and it works perfectly. suPHP is always configured in the
VHosts where it is needed.

This should normally be the default.

I see running suPHP on the WHOLE machine as a security risk to the data
of the users.

> Regards,
> 	The Honeymonster aka Daniel Llewellyn - diddledan@...

Thanks, Greetings and nice Day/Evening
    Michelle Konzack


Roger B.A. Klorese | 23 Feb 2011 01:31

Re: suPHP vs. Squeeze

On 2/21/11 4:40 AM, Michelle Konzack wrote:
> Imagine, on my system I have removed the original php5.conf entries long
> time ago and it works perfectly.

...if you intend not to run mod_php.

> I see runing suPHP on the WHOLE machine as a security risk to  the  data
> of the users.

Isolating each user's data to that user is a security risk to the users?!

Achikbache Guilhem | 25 Feb 2011 14:44

Re: suPHP Digest, Vol 82, Issue 6

Actually, I have already shared my config on using mod_php and mod_suphp 
at the same time. I think it is required (on debian at least) because 
phpmyadmin and all other system wide web apps would be run as root... 
and then must be handled by mod_php and not suphp.

The whole point is about activating mod_suphp *before* mod_php, because 
mod_suphp can be disabled at runtime, not mod_php; if mod_php is 
configured first, it will handle all x-application-php types. But you 
can configure suphp to be enabled for vhosts only.

Please read 
https://lists.marsching.com/pipermail/suphp/2010-March/002322.html

PS: One more tip is available: run php4 AND php5 (or 6 or 7 or ...) at 
the same time thanks to suphp!

On 23/02/2011 12:00, suphp-request@... wrote:
> Send suPHP mailing list submissions to
> 	suphp@...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.marsching.com/mailman/listinfo/suphp
> or, via email, send a message with subject or body 'help' to
> 	suphp-request@...
>
> You can reach the person managing the list at
> 	suphp-owner@...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of suPHP digest..."

Achikbache Guilhem | 25 Feb 2011 14:45

Re: suPHP vs. Squeeze


On 23/02/2011 12:00, suphp-request@... wrote:
> Today's Topics:
>
>     1. Re: suPHP vs. Squeeze (Roger B.A. Klorese)

Achikbache Guilhem | 25 Feb 2011 14:58

Re: suPHP vs. Squeeze

On -10/01/-28163 20:59, Daniel Llewellyn wrote:
> On 20 Feb 2011, at 17:41, Michelle Konzack wrote:
>
>> Hello Sebestyén Dénes,
>>
>> On 2011-02-18 12:17:53, you hacked down the following:
>>> Solution: In the previous versions, the php5.conf apache
>>> configuration file had something like this: AddType
>>> application/x-httpd-php .php .php3 .php4 .php5 .phtml
>>>
>>> After the upgrade. it changed to this: <FilesMatch
>>> "\.ph(p3?|tml)$"> SetHandler application/x-httpd-php
>>> </FilesMatch> <FilesMatch "\.phps$"> SetHandler
>>> application/x-httpd-php-source </FilesMatch>
>>
>> This not a Bug in Squeeze but also in Lenny which I have reported
>> to the BTS long time ago!
>
> That's not a bug at all. You can't expect to run the mod_php5 plugin
> and mod_suphp at the same time. The former is what is configured by
> the file /etc/apache2/mods-available/php5.conf. disable that config
> file and enable the suphp one (if it isn't already) and bob will be
> your proverbial uncle.

Actually, you can! I have already shared my config on using mod_php and
mod_suphp at the same time. I think it is required (on debian at least) 
because phpmyadmin and all other system wide web apps would be run as 
root... and then must be handled by mod_php and not suphp.

The whole point is about activating mod_suphp *before* mod_php, because
