phpSUEXEC ** End of life **

[Radio_Head]

http://www.localhost.nl/patches/


End of life
I would hereby like to inform you that these patches have become unmaintained. There is another project (which is being run by someone else) called suphp. It basically does the same things, but better. You can find it here http://www.suphp.org/Home.html .



Any comment ?

 

[Radio_Head]

My comment is for Darkorb/cpanel developers ;

now that phpsuexec is no more mantained , please can you add suphp support on
easyapache , please ?


Thank you!

 

[anand]

http://www.localhost.nl/patches/


End of life
I would hereby like to inform you that these patches have become unmaintained. There is another project (which is being run by someone else) called suphp. It basically does the same things, but better. You can find it here http://www.suphp.org/Home.html .



Any comment ?

I tried setting up suphp long back but wasn't successfull. Php just stopped working

Were u successfull in getting it up and running ?

 

[Myacen]

Damm thats a shame. I agree we need to switch.

 

[Radio_Head]

I tried setting up suphp long back but wasn't successfull. Php just stopped working

Were u successfull in getting it up and running ?

I am using "php safemode on" for now without phpsuexec or suphp.
I am waiting that darkorb/cpanel will support suphp via easyapache .

 

[anand]

I am using "php safemode on" for now without phpsuexec or suphp.
I am waiting that darkorb/cpanel will support suphp via easyapache .

hmm... ok. I tried using suphp but for some reason it won't work. After a while i left it there. Lets hope cpanel supports it.

 

[casey]

Once apache 2.0 support is fully functional it won't be necessary, right?

 

[Radio_Head]

bump ...........

 

[Myacen]

Billy indicated to me yesterday that nick is aware of it and that it's probable that suphp will be built into apache in time. However he also said he would maintain phpsuexec

 

[Radio_Head]

Billy indicated to me yesterday that nick is aware of it and that it's probable that suphp will be built into apache in time. However he also said he would maintain phpsuexec

I hope in this especially because we will able to use safe mode e php flags inside httpd conf . Something which was not possible with phpsuexec.

 

[Radio_Head]

bump ..................

 

[chirpy]

There's no need to keep bumping a thread if people are interested they'll post to it, if not they won't.

Anyway, there's a HOWTO install suphp on a cPanel box here:
http://forum.ev1servers.net/showthread.php?s=&threadid=34866&perpage=25&pagenumber=1

Do remember that it will break things.

 

[anand]

What all does it break ?

 

[chirpy]

Actually, I'm wrong about that, I was referring to a problem suphp had in the past that they've now fixed.

For those that do run it, don't ignore the following from their own documentation:

Please note that the suPHP binary has to be installed setuid-root to work,
so a security bug in suPHP probably will allow atackers to run commands with
root privileges.

 

[casey]

Ouch!! No thanks! I don't use phpsuexec, but I definitely wouldn't use suphp!!

 

[Radio_Head]

Ouch!! No thanks! I don't use phpsuexec, but I definitely wouldn't use suphp!!

Why not suphp .. security problems , getting configured/installed , or what else ?

 

[casey]

Why not suphp .. security problems , getting configured/installed , or what else ?

I'll post what Chirpy quoted again, with emphasis:

Please note that the suPHP binary has to be installed setuid-root to work,
so a security bug in suPHP probably will allow attackers to run commands with
root privileges.

 

[Radio_Head]

will allow attackers to run commands with
root privileges.

I think that this could apply to all your linux commands too ...

I instead want underline what the phpsuexec author wrote about suphp

It (suphp) basically does the same things, but better

 

[cPanelBilly]

I'll post what Chirpy quoted again, with emphasis:

so does suEXEC, you going to remove that from all machines? It actually should be pretty secure still, we are looking at it more and more.

 

[chirpy]

I think that this could apply to all your linux commands too

No, they don't. You should read up on suid.

so does suEXEC, you going to remove that from all machines

True, but that is developed and maintained by the Apache group - I trust them more than a few lone developers.

What we really need is for either the PHP or Apache Developers to pull their fingers out and develop a secure method of running PHP in a virtualhost environment.