[suPHP] Patch to disable parent-dir-owned-by-root check (was: 0.6.3 issue with virtual hosts)

Derek Simkowiak dereks at realloc.net
Fri Apr 25 01:04:04 CEST 2008

    I wasn't subscribed to this list when the thread "0.6.3 issue with 
virtual hosts" happened, so I can't reply on that thread.  But here is 
the last post from that thread, from Brock Noland:

On Thu, Apr 24, 2008 at 12:50 PM, Jorge Bastos <[EMAIL PROTECTED]> wrote:
> I'd live to have that also, even that I don't have suphp working don't know
>  why.
>  Can you post it here when you'll write it?

Yeah, I will probably write it tonight. Shouldn't be a very large patch.


    I agree with Jeremy, Emmanuel, Jorge etc. that this should have an 
override.  In fact, this "check for root parent ownership" feature makes 
absolutely no sense to me, and I suggest removing it completely.

    There are many environments where a parent of the user's home might 
not be owned by root, such as ISP web hosting (CPanel / ISPConfig) or 
network-mounted home dirs (NFS, SSHFS, WebDAV, Samba, etc.).  Apache's 
suexec (for CGI programs) does not have this "root must own parents" 
check, and if it did, many web hosting configurations would break.

    I've created a simple patch that works for me (in an Ubuntu 7.10 + 
ISPConfig setup).  My patch looks if the compile-time option 
*--with-setid-mode=owner* has been set when running *./configure*.  If 
it has been set, then it does not perform the "who owns the parent dirs" 

    This "feature" is implemented in the function 
checkParentDirectories(), which first checks the parent ownership, and 
then checks symlinks.  My patch only disables the parent root-ownership 
check within that function; the checks for symlink destination ownership 
(which I believe were the security fixes released in version 0.6.3) are 
still applied.

    So, here is my very, very simple patch.  It's two simple #ifdef 
lines that people can enter in by hand.  Sebastian may want to make this 
fancier (like a runtime option, or a new ./configure option) but 
frankly, I don't see the point.  As I see it, if you're using 
--with-setid-mode=owner, then you probably do not want the root-owner 
check in there.

root at server1:/root/suPHP/suphp-0.6.3/src# diff -u ./Application.cpp 
--- ./Application.cpp   2008-04-24 15:21:20.000000000 -0700
+++ ./Application.cpp-dist      2008-03-30 04:43:38.000000000 -0700
@@ -492,14 +492,12 @@
         directory = directory.getParentDirectory();
         UserInfo directoryOwner = directory.getUser();
         if (directoryOwner != owner && !directoryOwner.isSuperUser()) {
             std::string error = "Directory " + directory.getPath()
                 + " is not owned by " + owner.getUsername();
             throw SoftException(error, __FILE__, __LINE__);
         if (!directory.isSymlink()
             && !config.getAllowDirectoryGroupWriteable()


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.marsching.com/pipermail/suphp/attachments/20080424/59f855d4/attachment.html>

More information about the suPHP mailing list