A word of caution on the use of suphp

From: Steven Van Acker (deepstar_at_ulyssis.org)
Date: 08/23/04

Next message: Geoff Vass: "Running renamed executables with CMD.EXE"

Previous message: I)ruid: "CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 23 Aug 2004 23:25:11 +0200
To: bugtraq@securityfocus.com

Hi,

I've sent this "advisory" to the suphp author over 2 weeks ago and to
the suphp mailinglist more than 1 week ago.
Until now, I didn't get a reply so I'm assuming noone could care less.

This information is intended for people who plan to use suphp as a
replacement for the standard PHP module in apache.

greets,
-- Steven

text/plain attachment: suphp-advisory.txt

Next message: Geoff Vass: "Running renamed executables with CMD.EXE"

Previous message: I)ruid: "CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Major Security Flaw with apache on FC3
... > get this php filemanager: ... > Switching between suphp and mod_php didtn change anything .. ... I have doubts that Apache is able to change filesystem ...
(Fedora)
Re: Secured hosting on a shared server--impossible?
... Apache, e.g. ... suPHP uses the CGI php binary. ... for you own scripts with https, just run them on different ports (like ... he who does not ask a question remains a fool forever" ...
(comp.lang.php)
Re: suPHP - secure/reliable?
... > I'd like to know your opinions on suPHP. ... > Does anyone have anything to say about suPHP, ... Each Apache is listening on a separate ... requests to user_dirs to the appropriate port number. ...
(freebsd-questions)