Bug 445598 - Update of mod_suphp to 0.6.3 introduces serious backward incompatibility without further notice
Update of mod_suphp to 0.6.3 introduces serious backward incompatibility with...
Status: CLOSED WONTFIX
Product: Fedora EPEL
Classification: Fedora
Component: mod_suphp (Show other bugs)
el4
All Linux
medium Severity high
: ---
: ---
Assigned To: Andreas Thienemann
Fedora Extras Quality Assurance
ActualBug
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-07 17:25 EDT by Felix Schwarz
Modified: 2012-03-01 15:02 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-01 15:02:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Felix Schwarz 2008-05-07 17:25:35 EDT
mod_suphp 0.6.3 enforces some additional (but unnecessary from a security point
of view) checks about directory ownership which can not be disabled at runtime.

E.g. if you have several web sites using virtual hosts below /var/www (e.g.
/var/www/foo/shop, /var/www/bar/gallery) suphp enforces that all directories
below /var/www either belong to the root user or to the user the called php
script should be run as.

Issue description upstream:
http://lists.marsching.com/pipermail/suphp/2008-April/001812.html
Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646

Several people talked about writing a patch, although so far no code was posted.
 Maybe the patch could be applied for EPEL in order to restore the old behavior.
Comment 1 Kevin Fenzi 2012-03-01 15:02:48 EST
EPEL-4 has reached end of life and is no longer supported. 

Please retest your bug against EPEL-5 or EPEL-6 and re-open if the bug persists in the packages available in those releases, or file a new bug. 

See: http://lists.fedoraproject.org/pipermail/epel-announce/2012-February/000015.html

Note You need to log in before you can comment on or make changes to this bug.