Currently, in force and paranoid mode, suphp doesn't handle correctly mod_userdir sites. i.e. www.foo.com/~bar will run as foo.com's user, not as bar. Attached is a patch that I wrote that lets suphp handles user sites correctly. It was submitted to the mailing list a month ago, with no response as-of-yet from the maintainer, so gentoo might want to include it, as judging by past history, the next upstream release may not be for a while. It is disabled by default, so it could be patched by default. To enable it, set handle_userdir=true in /etc/ suphp.conf. It doesn't affect at all owner mode. It's been tested on apache 2, and I've been running it on my server without any problems.
Created attachment 71833 [details, diff] suphp-0.6.0-userdir.patch
Created attachment 74677 [details, diff] suphp-0.6.1-userdir.patch updated for 0.6.1
in cvs, thanks