[suPHP] suPHP and symlinks revisited
Vladislav Rastrusny
FractalizeR at yandex.ru
Tue Sep 2 12:15:02 CEST 2008
I suppose there is no solution. Your situation seem to be considered a
security whole in 0.6.2 and fixed in 0.6.3 (check news on
www.suphp.org)
2008/9/2 Vegard Svanberg <vegard at svanberg.no>:
> I've seen this issue been up for debate before, but browsing through the
> archives, I'm a bit unsure what common practice and solutions are.
>
> Imagine the following scenario:
>
> User 1: /home/user1/html (owned by "user1")
> User 2: /home/user2/html (owned by "user2")
> Common (shared) code: /usr/local/commoncode (owned by "commoncode")
>
> Symlinks:
>
> /home/user1/html/commoncode -> /usr/local/commoncode
> /home/user2/html/commoncode -> /usr/local/commoncode
>
> (I've tried owning the symlinks as "userX", "commoncode" and "root".)
>
> suPHP 0.6.2 will execute this, 0.6.3 won't ("directory /home/user1/html
> not owned by commoncode"). I can't see any immediate solutions to this.
>
> Any suggestions?
>
> --
> Vegard Svanberg <vegard at svanberg.no> [*Takapa at IRC (EFnet)]
>
>
> _______________________________________________
> suPHP mailing list
> suPHP at lists.marsching.biz
> http://lists.marsching.com/mailman/listinfo/suphp
>
More information about the suPHP
mailing list