Summary: | Make it possible to disable parent directory owner check in www-apache/mod_suphp | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Candid Dauth <cdauth+bugs.gentoo.org> |
Component: | [OLD] Server | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | notordoktor |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
Patch on the sources to add the new configuration value.
Patch on the ebuild to add the suphp patch. Patch on the default config file to add the new setting. Patch on the sources to add the new configuration value. Patch on the default config file to add the new setting. |
Description
Candid Dauth
2010-02-06 20:31:35 UTC
Created attachment 218719 [details, diff]
Patch on the sources to add the new configuration value.
Created attachment 218721 [details, diff]
Patch on the ebuild to add the suphp patch.
Created attachment 218725 [details, diff]
Patch on the default config file to add the new setting.
Created attachment 218743 [details, diff]
Patch on the sources to add the new configuration value.
I updated the patch on the sources, the old one did not quite do what I thought it did. This one definitely works for me.
Created attachment 218745 [details, diff]
Patch on the default config file to add the new setting.
I updated the patch on the config file to better describe the setting.
As you noted, this has been like this since 0.6.3, released 2008-03-30 - that's just short of two years (!). Similar patches which affect important security features need to be taken upstream - https://lists.marsching.com/mailman/listinfo/suphp, otherwise you end up with shopping something that is completely unsupported by upstream and forward-porting all that unsupported stuff from version to version when it breaks. I agree with you, but obviously the suphp developers don’t have any interest in including this patch (as I found it on that mailing list, and similar ones have been posted there many times). In my opinion, this “security feature” is a bug, and I think it should be fixed somewhere. I don’t understand what you are trying to tell me by pointing out that this “feature” has been introduced in 2008. 0.6.2 has been removed from the Portage tree last September, and updating completely breaks many existing configurations. This needs to be fixed by upstream |