Bug 445598 - Update of mod_suphp to 0.6.3 introduces serious backward incompatibility without further notice
Summary: Update of mod_suphp to 0.6.3 introduces serious backward incompatibility with...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: mod_suphp
Version: el4
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Andreas Thienemann
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: ActualBug
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-07 21:25 UTC by Felix Schwarz
Modified: 2012-03-01 20:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-01 20:02:48 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Felix Schwarz 2008-05-07 21:25:35 UTC 
mod_suphp 0.6.3 enforces some additional (but unnecessary from a security point
of view) checks about directory ownership which can not be disabled at runtime.

E.g. if you have several web sites using virtual hosts below /var/www (e.g.
/var/www/foo/shop, /var/www/bar/gallery) suphp enforces that all directories
below /var/www either belong to the root user or to the user the called php
script should be run as.

Issue description upstream:
http://lists.marsching.com/pipermail/suphp/2008-April/001812.html
Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646

Several people talked about writing a patch, although so far no code was posted.
 Maybe the patch could be applied for EPEL in order to restore the old behavior.
Comment 1 Kevin Fenzi 2012-03-01 20:02:48 UTC 
EPEL-4 has reached end of life and is no longer supported. 

Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. 

See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html
Note You need to log in before you can comment on or make changes to this bug.