suPHP 0.6.3 SECURITY ISSUE: Immediate update advised

Dear Falko,

I've set up suphp according to your howto: http://www.howtoforge.com/install-s...tions-for-use-with-ispconfig-2.2.20-and-above, which is based on suphp 0.6.2. On 30-3-2008 suphp version 0.6.3 was released, and it is recommended to upgrade to this version, as you can see here: http://www.suphp.org/Home.html

Now my question: what are the recommended steps to perform an upgrade to this new suphp version? I guess the following steps, but I want to be sure (because of ISPConfig and its suPHP wrapper):

    cd /tmp
    wget http://www.suphp.org/download/suphp-0.6.3.tar.gz
    tar xvfz suphp-0.6.3.tar.gz
    cd suphp-0.6.3
    ./configure --prefix=/usr --sysconfdir=/etc --with-apache-user=www-data --with-setid-mode=paranoid --with-apxs=/usr/bin/apxs2
    make
    make install

Kind regards,
Hans

Thanks Falko for your reply. (I needed that confirmation.) I updated suphp on both my servers. Everything seems to work indeed.

Hm, I have an issue in Mandriva... again... It compiled OK and httpd restarted with no errors, but my testing web gets a 500 error in the part where some file function is called. This is in the suPHP log.

Code:
    [Tue Apr 22 00:20:35 2008] [warn] Directory /var/www is not owned by web1_webmaster
    [Tue Apr 22 00:21:50 2008] [warn] Directory /var/www is not owned by web1_webmaster

My website is in /var/www/web1; with 0.6.2 that works OK.

My suPHP.conf:

Code:
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false

    ;Check wheter script is within DOCUMENT_ROOT
    check_vhost_docroot=true

    ;Send minor error messages to browser
    errors_to_browser=false

    ;PATH environment variable
    env_path=/bin:/usr/bin

    ;Umask to set, specify in octal notation
    umask=0077

    ; Minimum UID
    min_uid=100

    ; Minimum GID
    min_gid=100

    [handlers]
    ;Handler for php-scripts
    x-httpd-php=php:/home/admispconfig/ispconfig/tools/suphp/usr/bin/php-wrapper

    ;Handler for CGI-scripts
    x-suphp-cgi=execute:!self

OK, here is my web1 vhost file:

Code:
    <VirtualHost 192.168.1.123:80>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^stats.dch.cz [NC]
    RewriteRule ^/(.*)$ /stats/$1 [L]
    RewriteCond %{HTTP_HOST} ^meteo.dch.cz [NC]
    RewriteRule ^/(.*)$ /meteo/$1 [L]
    SuexecUserGroup web1_webmaster web1
    ServerName www.dch.cz:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/web1/web
    ServerAlias mail.dch.cz admin.dch.cz mysql.dch.cz webmin.dch.cz stats.dch.cz user.dch.cz dch.cz meteo.dch.cz okna.dch.cz www.okna.dch.cz mailuser.dch.cz webcam.dch.cz nod.dch.cz
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    Alias /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Directory /var/www/web1/web>
    suPHP_Engine on
    suPHP_UserGroup web1_webmaster web1
    AddHandler x-httpd-php .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-php
    SetEnv php_safe_mode Off
    </Directory>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    AddType application/vnd.wap.wmlscriptc .wmlsc .wsc
    AddType text/vnd.wap.wml .wml
    AddType text/vnd.wap.wmlscript .ws .wmlscript
    AddType image/vnd.wap.wbmp .wbmp
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^mail\.dch\.cz [NC]
    RewriteRule ^/(.*) http://dch.cz:81/roundcubemail/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^admin\.dch\.cz [NC]
    RewriteRule ^/(.*) http://dch.cz:81/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^mysql\.dch\.cz [NC]
    RewriteRule ^/(.*) http://dch.cz:81/phpmyadmin/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^webmin\.dch\.cz [NC]
    RewriteRule ^/(.*) https://dch.cz:10000/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^user\.dch\.cz [NC]
    RewriteRule ^/(.*) https://dch.cz:20000/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^dch\.cz [NC]
    RewriteRule ^/(.*) http://www.dch.cz/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^mailuser\.dch\.cz [NC]
    RewriteRule ^/(.*) http://dch.cz:81/mailuser/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^webcam\.dch\.cz [NC]
    RewriteRule ^/(.*) http://dch.cz:83/$1 [L,R]
    RewriteCond %{HTTP_HOST} ^nod\.dch\.cz [NC]
    RewriteRule ^/(.*) https://dch.cz:82/$1 [L,R]
    </VirtualHost>

Here it is; currently I have suphp 0.6.2 active.

    drwxr-xr-x 21 root root 1024 bře 4 15:16 ./
    drwxr-xr-x 21 root root 1024 dub 23 14:03 ../
    drwxr-xr-x 2 root root 1024 bře 4 15:16 backup/
    drwxr-xr-x 15 root root 1024 úno 27 16:06 cache/
    drwxr-xr-x 2 root root 1024 pro 6 2006 db/
    drwxr-xr-x 2 root root 1024 bře 27 12:01 empty/
    drwxr-xr-x 3 root root 1024 zář 6 2007 ftp/
    drwxr-xr-x 2 root root 1024 dub 5 2007 iptraf/
    drwxr-xr-x 38 root root 1024 dub 23 14:17 lib/
    drwxr-xr-x 2 root root 1024 pro 6 2006 local/
    drwxrwxr-x 3 root root 1024 dub 23 11:07 lock/
    drwxr-xr-x 22 root root 3072 dub 21 23:59 log/
    lrwxrwxrwx 1 root root 10 kvě 19 2007 mail -> spool/mail/
    drwxr-xr-x 2 root root 1024 pro 6 2006 nis/
    drwxr-xr-x 2 root root 1024 pro 6 2006 opt/
    drwxr-xr-x 2 root root 1024 pro 6 2006 preserve/
    drwxr-xr-x 23 root root 2048 dub 23 14:06 run/
    drwxr-xr-x 11 root root 1024 říj 29 20:10 spool/
    drwxr-xr-x 3 root root 1024 lis 18 2006 state/
    drwxrwxrwt 2 root root 1024 dub 23 11:20 tmp/
    drwxr-xr-x 2 root root 1024 úno 22 2007 webmin/
    drwxr-xr-x 16 apache apache 1024 dub 4 05:00 www/

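The warning in the suPHP log earlier in the thread names a parent directory whose owner does not match the site user. As an added example (not part of the thread and not suPHP's own code), this shell function lists such directories for a given script. It assumes GNU stat and the rule implied by the log line: each directory above the script must be owned by the site user or by root.

```shell
#!/bin/sh
# Added diagnostic, not suPHP code. Assumed rule, inferred from the log line
# "Directory /var/www is not owned by web1_webmaster": every directory above
# the script must be owned by the site user or by root, and must not be
# writable by others while allow_directory_others_writeable=false.
# Requires GNU stat (stat -c).

# check_parents SCRIPT OWNER [STOP]
# Walks from SCRIPT's directory up to STOP (default /), prints one line per
# problem, and returns 0 if none were found, 1 if any were, 2 on stat errors.
check_parents() {
    script=$1 owner=$2 stop=${3:-/}
    dir=$(dirname "$script")
    rc=0
    while :; do
        dir_owner=$(stat -c '%U' "$dir") || return 2
        mode=$(stat -c '%a' "$dir") || return 2
        if [ "$dir_owner" != "$owner" ] && [ "$dir_owner" != "root" ]; then
            echo "OWNER  $dir is owned by $dir_owner, expected $owner or root"
            rc=1
        fi
        # The last octal digit holds the "others" bits; 2 is the write bit.
        others=${mode#"${mode%?}"}
        case $others in
            2|3|6|7)
                echo "WRITE  $dir is writable by others (mode $mode)"
                rc=1 ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}
```

For the site in this thread the call would be `check_parents /var/www/web1/web/index.php web1_webmaster`, where index.php is a placeholder script name; the listing above shows www/ owned by apache, which is the directory the log complains about.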
I've installed suphp 0.6.2 on ISPConfig 2.2.18 based on this howto: http://www.howtoforge.com/suphp_debian_etch_ispconfig

I've updated ISPConfig to 2.2.22 and it still works properly. But all the webs get a 500 error after updating suphp to 0.6.3 based on this howto: http://www.howtoforge.com/install-s...tions-for-use-with-ispconfig-2.2.20-and-above

Debian Etch amd64, Apache 2.2.3, PHP 5.2.0-8

Can you try and change

Code:
    allow_directory_others_writeable=false

to

Code:
    allow_directory_others_writeable=true

in /etc/suphp.conf?