Re: [suPHP] suPHP not interpreting PHP files
On Thu, Dec 21, 2006 at 03:26:50PM +, Cian Davis wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Emmanuel Lacour wrote: > > On Sat, Aug 05, 2006 at 12:58:57AM +0100, Cian Davis wrote: > >> No errors on apache start (unless I specify an suPHP_AddHandler line - > >> gives "suPHP_AddHandler not allowed here"). But when I access a page, > >> it doesn't parse the page, it just offers it to download. > >> > >> Any help would be greatly appreciated. > > > > In upstream sources, this directive cannot be applied in global > > configuration, a patch is applied in the debian package. See: > > > > http://lists.marsching.biz/pipermail/suphp/2005-June/000876.htm > > Could someone suggest n extension to the above fix that would allow > suPHP_AddHandler and suPHP_Engine to be used in a .htaccess? The idea > now being, that, by default, PHP will be executed by mod_php but for > that users who know what they are doing, they can enable suPHP on a > per directory basis, without having to annoy the root team to add it > to the global Apache conf. > > Regards, > Cian > > Does not sound very good idea... I think users should not be allowed to control whether something as large security concern as PHP is on, or off. If you wish to give your users a choice on mod_php and suPHP, you can use a tactic where you register the .php file extension to mod_php and .ph file extension to suPHP. This way your users can choose which PHP they use, but you don't loose the control. Aki Tuomi ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
Re: [suPHP] MAKE PROBLEM
Sebastian Marsching kirjoitti: Hi, Alexandre Busquets Triola schrieb: I try to install suphp with apache 2.2.4 and i have this error hola:/usr/src/suphp-0.6.2# ./configure --prefix=/usr/local/suphp2 --with-min-uid=1000 --with-min-gid=1000 --with-logfile=/usr/local/apache2/suphp.log --no-create --no-recursion --sysconfdir=/etc/suphp2 --with-apxs=/usr/local/apache2/bin/apxs --with-apr=/usr/local/apache2/bin/apr-1-config hola:/usr/src/suphp-0.6.2# make make: *** No targets specified and no makefile found. Stop. I think using "--no-create" is not a good idea - as this tells configure to not create any output files (like the Makefile needed for building). Regards Sebastian ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp You've clearly just done './config.status --recheck' and copied the output. You should always remove --no-recursion and --no-create if you are planning to reuse the configuration line. Aki Tuomi signature.asc Description: OpenPGP digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
Re: [suPHP] How userdir support works
I'm using slightly different model, where the docroot is set to /www, which contains all documents. This prevents any unwanted side-effects. Aki Tuomi Thomas De Groote kirjoitti: > This is the setup on my server, serving userdirs without problems: > ;User Apache is running as > webserver_user=www-data > > ;Path all scripts have to be in > check_vhost_docroot=false > docroot=/ > > Works fine, serving about 1.000.000 hits a day, almost all from user > directories... php running as the user thanks to suphp. > > Thomas > > On 6-jun-07, at 17:07, Jaakko Heusala wrote: > >> Hi again, >> >> Jaakko Heusala wrote: >>> How does the new userdir support work? I couldn't find any >>> documentation for it. I looked the source and it seems that you have >>> to set --with-setid-mode=paranoid or --with-setid-mode=force to use >>> that part of the code. >>> >>> How does paranoid or force work? Didn't find any documentation for >>> them either... >> Actually I managed to get suphp working with userdirs (URL's with >> http://server.domain.tld/~user/) but I am not sure the >> configuration is >> secure. >> >> I compiled suPHP with mode-paranoid and configured /etc/suphp/ >> suphp.conf >> so that docroot=/home and check_vhost_docroot=false, and php-files >> started to work inside the userdirs. This probably isn't the most >> ideal >> solution because I would like to use check_vhost_docroot=true when >> userdir's aren't used - or maybe "vhost docroot" could be >> /home/user/public_html in this condition? >> >> I think those configuration settings are a bit misleading too. >> AFAIK the >> docroot=/home affects the first global test but check_vhost_docroot >> tests the vhost's own docroot? >> >> PS: I hope this email goes to the list this time. This apparently >> isn't >> my best day and it's already third attempt to sent it in correct >> address. :-) >> >> -- >> Jaakko Heusala >> >> ___ >> suPHP mailing list >> suPHP@lists.marsching.biz >> http://lists.marsching.biz/mailman/listinfo/suphp > > > ___ > suPHP mailing list > suPHP@lists.marsching.biz > http://lists.marsching.biz/mailman/listinfo/suphp > signature.asc Description: OpenPGP digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
Re: [suPHP] register_globals
On Fri, Sep 07, 2007 at 01:55:44PM +0200, Andreas Thienemann wrote: > On Fri, 7 Sep 2007, Aki Tuomi wrote: > > > How very nice of you. Do you call everyone who doens't know > > everything you do an idiot? > > Please note that the original poster and the respondent is the same > person. > > Now it's up to you to reply to yourself and write something along the > lines of "doh! idiot!". :-) > > > bye, > andreas > Perhaps I need to upgrade my visual equipment =) Aki Tuomi ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
Re: [suPHP] register_globals
On Fri, Sep 07, 2007 at 01:34:37PM +0200, Alessandro De Zorzi wrote: > Alessandro De Zorzi wrote: > > It is possible use register_globals = On > > with suphp enabled ? > > > yes, idiot! but set > > register_globals = On > > in > > /etc/php4/cgi/php.ini > > Alessandro De Zorzi > How very nice of you. Do you call everyone who doens't know everything you do an idiot? Aki Tuomi ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
Re: [suPHP] File is writable by group
Nild kirjoitti: > Hi Everyone, > > Internal Server Error > File "file.php" is writeable by group > suPHP 0.6.2 > chmod 0644 file.php Aki signature.asc Description: OpenPGP digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
Re: [suPHP] suphp parsing files with .php anywhere in the name
Drew A. Withers kirjoitti: Chris Smith wrote: I have a script on my server called 'blah.php.txt' which is being parsed by suphp as a php file. I don't think it should be because the real extension is .txt. I'm pretty sure it's suphp as my previous server wasn't running it and didn't have this problem :) My apache2/mods-available/suphp.conf file has this handler: AddHandler x-httpd-php .php .php3 .php4 .php5 .phtml So to check what was going on, I renamed the file to include the different php extensions and the same thing happened. I renamed it to have a non-php extension in the middle (blah.blah.txt) and it didn't happen. Any suggestions about how to stop this from occurring? Using the debian package ('Version: 0.6.2-1'). This happens on mine too. I'm using the same debian package (except mine is hacked to fix nfs root squash). I have suphp 0.5.1 on another server and it does the same thing. But when I turn off suphp and just use normal php it gives the code as text. So it clearly is suphp and this isn't a new thing. It is probably in the code. It's an apache feature. It does the same for .pl files. Aki Tuomi signature.asc Description: OpenPGP digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
[suPHP] suPHP 0.7.0 patch
Simple patch to allow execute: to point to interprepter. After applying patch, you can use execute\:/path/to/whatever to run scripts. Please note that this is not intended use of suPHP and is not guaranteed to work or to be safe. Please be aware that this might allow remote user to bypass your server security. Aki Tuomi --- suphp-0.7.0/src/Application.cpp 2008-03-30 17:43:59.0 +0300 +++ suphp-0.7.0-new/src/Application.cpp 2008-12-27 22:57:33.0 +0200 @@ -506,6 +506,8 @@ return TARGETMODE_PHP; else if (interpreter == "execute:!self") return TARGETMODE_SELFEXECUTE; +else if (interpreter.substr(0, 8) == "execute:") + return TARGETMODE_EXECUTE; else throw SecurityException("Unknown Interpreter: " + interpreter, __FILE__, __LINE__); @@ -527,6 +529,12 @@ CommandLine cline; cline.putArgument(interpreterPath); API_Helper::getSystemAPI().execute(interpreterPath, cline, env); + } else if (mode == TARGETMODE_EXECUTE) { +std::string interpreterPath = interpreter.substr(8); +CommandLine cline; +cline.putArgument(interpreterPath); +cline.putArgument(scriptFilename); +API_Helper::getSystemAPI().execute(interpreterPath, cline, env); } else if (mode == TARGETMODE_SELFEXECUTE) { CommandLine cline; cline.putArgument(scriptFilename); --- suphp-0.7.0/src/Application.hpp 2008-03-29 19:48:59.0 +0200 +++ suphp-0.7.0-new/src/Application.hpp 2008-12-27 22:55:59.0 +0200 @@ -26,7 +26,8 @@ enum TargetMode { TARGETMODE_PHP, -TARGETMODE_SELFEXECUTE +TARGETMODE_SELFEXECUTE, +TARGETMODE_EXECUTE }; #define SUPHP_APPLICATION_H signature.asc Description: OpenPGP digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.com/mailman/listinfo/suphp
Re: [suPHP] How to use chroot setting?
On Thu, Jan 08, 2009 at 07:33:42PM +, Dave Kennard wrote: > >Hi >I want to set the user's folder as their root directory, so I have my >suPHP settings like this: >;Path all scripts have to be in >docroot=${HOME} >;Path to chroot() to before executing script >chroot=${HOME} >;Check wheter script is within DOCUMENT_ROOT >check_vhost_docroot=false >But then when I load a php page I get the error "Internal Server Error >- Could not execute script" (I have set suPHP to show errors in the >browser). >If I comment out chroot or change it to / then it works okay. >suPHP is in paranoid mode, and I am setting SuPHP_UserGroup in the >virtualhost configuration. >I just installed php5-cgi normally, I didn't compile it with the >--enable-discard-path option, could this be the problem, or am I doing >something else wrong? >Thanks >Dave Is your chroot set-up properly. PHP won't run in chroot if you don't have all the libraries etc. it needs to perform. Check apache error log and suphp log. Aki Tuomi ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.com/mailman/listinfo/suphp
Re: [suPHP] php does not execute
On Mon, May 18, 2009 at 01:52:34PM -0600, Brian Marshall wrote: > Hi All, > > > [Wed May 13 13:36:01 2009] [notice] SELinux policy enabled; httpd > running as context user_u:system_r:httpd_t:s0 I claim the culprit being here... Perhaps you should confirm your SELinux policy is compatible? -- cm > > Thanks > > Brian > > > > > This e-mail is intended only for the person or persons to whom it is > addressed and may contain information that is privileged, confidential, > or otherwise protected from disclosure. If you have received this e-mail > in error, please immediately notify us by calling the Integer Group Help > Desk at +01.303.393.3030. Dissemination, distribution, or copying of this > e-mail or the information herein by anyone other than the intended > recipient or an employee or agent responsible for delivering the message > to the intended recipient is prohibited. > > The Integer Group > +01. 303. 393. 3000 > > > ___ > suPHP mailing list > suPHP@lists.marsching.biz > http://lists.marsching.com/mailman/listinfo/suphp > signature.asc Description: Digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.com/mailman/listinfo/suphp
Re: [suPHP] php does not execute
Your httpd claims otherwise. Perhaps you should disable selinux completely? Have you checked dmesg? On Mon, May 18, 2009 at 02:42:16PM -0600, Brian Marshall wrote: > Hi Aki, > > When I look at selinux enforcement policy I see the following. > > cat /selinux/enforce > 0 > > I'm assuming this is compatible since it shouldn't actually enforce > anything but is there something additional I should check? > > > On May 18, 2009, at 2:20 PM, Aki Tuomi wrote: > > >On Mon, May 18, 2009 at 01:52:34PM -0600, Brian Marshall wrote: > >>Hi All, > >> > > > > > > > >> > >>[Wed May 13 13:36:01 2009] [notice] SELinux policy enabled; httpd > >>running as context user_u:system_r:httpd_t:s0 > > > >I claim the culprit being here... Perhaps you should confirm your > >SELinux policy is compatible? > > > >-- cm > > > >> > >>Thanks > >> > >>Brian > >> > >> > >> > >> > >>This e-mail is intended only for the person or persons to whom it is > >>addressed and may contain information that is privileged, > >>confidential, > >>or otherwise protected from disclosure. If you have received this e- > >>mail > >>in error, please immediately notify us by calling the Integer Group > >>Help > >>Desk at +01.303.393.3030. Dissemination, distribution, or copying > >>of this > >>e-mail or the information herein by anyone other than the intended > >>recipient or an employee or agent responsible for delivering the > >>message > >>to the intended recipient is prohibited. > >> > >>The Integer Group > >>+01. 303. 393. 3000 > >> > >> > >>___ > >>suPHP mailing list > >>suPHP@lists.marsching.biz > >>http://lists.marsching.com/mailman/listinfo/suphp > >> > >___ > >suPHP mailing list > >suPHP@lists.marsching.biz > >http://lists.marsching.com/mailman/listinfo/suphp > > > > > > This e-mail is intended only for the person or persons to whom it is > addressed and may contain information that is privileged, confidential, > or otherwise protected from disclosure. If you have received this e-mail > in error, please immediately notify us by calling the Integer Group Help > Desk at +01.303.393.3030. Dissemination, distribution, or copying of this > e-mail or the information herein by anyone other than the intended > recipient or an employee or agent responsible for delivering the message > to the intended recipient is prohibited. > > The Integer Group > +01. 303. 393. 3000 > > signature.asc Description: Digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.com/mailman/listinfo/suphp
Re: [suPHP] PHP opcode cache that works with suPHP
On Tue, May 19, 2009 at 11:54:44AM +0300, Jani Ollikainen wrote: > Vladimir Prelovac wrote: > > Do you guys know of any PHP caching solution that will work with suphp? > > There aren't for the reasons how mod_suphp works. > Perhaps best way to deal with this would be to persist a per-user PHP process for dealing with subsequent requests. You could kill it after certain number of requests or time. Special care should be taken to handle chrooting correctly, and that same process is never reused for another user. This is similar to how Passenger module for ruby works. Aki Tuomi signature.asc Description: Digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.com/mailman/listinfo/suphp
Re: [suPHP] Apache2 + MultiViews + suPHP
On Wed, May 20, 2009 at 12:13:54PM +0700, Alex Grebenshchikov wrote: > Hello, > > I've just upgraded Apache from version 1.3. to 2.0.63. > No mod_php is used, PHP is used via suPHP. > > Everything seems to work fine, but failes with Options +MultiViews. > > If we access a page by link http://domain.com/page.php - that's ok. > > But, when we access a page by link http://domain.com/page with MultiViews set > on, suPHP does not parse the script and we see raw php code (nothing in suphp > log for that request). > > > > > AddHandler x-httpd-php4 .php4 > AddHandler x-httpd-php5 .inc .php .php3 .php5 .phtml > > > suPHP_Engine on > suPHP_ConfigPath /usr/local/etc/php5/cgi/ > suPHP_AddHandler x-httpd-php4 > suPHP_AddHandler x-httpd-php5 > > > > It's not a question to use or not to use MultiViews. It's the question, how > to make it works properly. > > Please, help. > > Regards, > Alex Gr. You have to tell apache that http://domain.com/page is a PHP script, not a page. It does this by looking at the request, not the actual filename on the filesystem. > ___ > suPHP mailing list > suPHP@lists.marsching.biz > http://lists.marsching.com/mailman/listinfo/suphp signature.asc Description: Digital signature ___ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.com/mailman/listinfo/suphp