Bug 445598 - Update of mod_suphp to 0.6.3 introduces serious backward incompatibility without further notice
Summary: Update of mod_suphp to 0.6.3 introduces serious backward incompatibility with...
Status: CLOSED WONTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: mod_suphp   
(Show other bugs)
Version: el4
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Andreas Thienemann
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: ActualBug
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-07 21:25 UTC by Felix Schwarz
Modified: 2012-03-01 20:02 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-01 20:02:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Felix Schwarz 2008-05-07 21:25:35 UTC
mod_suphp 0.6.3 enforces some additional (but unnecessary from a security point
of view) checks about directory ownership which can not be disabled at runtime.

E.g. if you have several web sites using virtual hosts below /var/www (e.g.
/var/www/foo/shop, /var/www/bar/gallery) suphp enforces that all directories
below /var/www either belong to the root user or to the user the called php
script should be run as.

Issue description upstream:
http://lists.marsching.com/pipermail/suphp/2008-April/001812.html
Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646

Several people talked about writing a patch, although so far no code was posted.
 Maybe the patch could be applied for EPEL in order to restore the old behavior.

Comment 1 Kevin Fenzi 2012-03-01 20:02:48 UTC
EPEL-4 has reached end of life and is no longer supported. 

Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. 

See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html


Note You need to log in before you can comment on or make changes to this bug.