upgrade to suphp 0.6.3

Discussion in 'HOWTO-Related Questions' started by Hans, Apr 8, 2008.

  1. Hans

    Hans Moderator ISPConfig Developer

    suPHP 0.6.3 SECURITY ISSUE: Immediate update advised

    Dear Falko,

    I've setup suphp according your howto: http://www.howtoforge.com/install-s...tions-for-use-with-ispconfig-2.2.20-and-above, which is based on suphp 0.6.2. On 30-3-2008 suphp version 0.6.3 has been released and it is recomended to upgrade to this version as you can see here: http://www.suphp.org/Home.html

    Now my question:
    What are the recomended steps to perform an upgrade to this new suphp version?

    I guess the following steps, but i want to be sure (because of ISPConfig and it's suPHP wrapper):

    cd /tmp
    wget http://www.suphp.org/download/suphp-0.6.3.tar.gz
    tar xvfz suphp-0.6.3.tar.gz
    cd suphp-0.6.3
    ./configure --prefix=/usr --sysconfdir=/etc --with-apache-user=www-data --with-setid-mode=paranoid --with-apxs=/usr/bin/apxs2
    make
    make install

    Kind regards,

    Hans
     
    Last edited: Apr 8, 2008
  2. falko

    falko Super Moderator ISPConfig Developer

    That should work - same steps as in the tutorial, but with a different version number.
     
  3. Hans

    Hans Moderator ISPConfig Developer

    Thanks Falko for your reply.
    (I needed that confirmation) ;)

    I updated suphp on my both servers. Everything seems to work indeed. :)
     
  4. madmucho

    madmucho ISPConfig Developer ISPConfig Developer

    Hm i have some issue in mandriva...again...
    compiled ok httpd restarted with no errors, but my testing web gets 500 error in part where is some file function called..
    This is in suPHP log.

    Code:
    [Tue Apr 22 00:20:35 2008] [warn] Directory /var/www is not owned by web1_webmas
    ter
    [Tue Apr 22 00:21:50 2008] [warn] Directory /var/www is not owned by web1_webmas
    ter
    
    my website is in /var/www/web1
    with 0.6.2 that works ok.


    my suPHP.conf

    Code:
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false
    
    ;Check wheter script is within DOCUMENT_ROOT
    check_vhost_docroot=true
    
    ;Send minor error messages to browser
    errors_to_browser=false
    
    ;PATH environment variable
    env_path=/bin:/usr/bin
    
    ;Umask to set, specify in octal notation
    umask=0077
    
    ; Minimum UID
    min_uid=100
    
    ; Minimum GID
    min_gid=100
    
    [handlers]
    ;Handler for php-scripts
    x-httpd-php=php:/home/admispconfig/ispconfig/tools/suphp/usr/bin/php-wrapper
    
    ;Handler for CGI-scripts
    x-suphp-cgi=execute:!self
    
    
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Can you post the vhost configuration of the /var/www/web1 web site?
     
  6. madmucho

    madmucho ISPConfig Developer ISPConfig Developer

    ok here is my web1 vhost file
    Code:
    <VirtualHost 192.168.1.123:80>
    RewriteEngine on
    RewriteCond %{HTTP_HOST}   ^stats.dch.cz [NC]
    RewriteRule   ^/(.*)$ /stats/$1  [L]
    RewriteCond %{HTTP_HOST}   ^meteo.dch.cz [NC]
    RewriteRule   ^/(.*)$ /meteo/$1  [L]
    SuexecUserGroup web1_webmaster web1
    ServerName www.dch.cz:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/web1/web
    ServerAlias mail.dch.cz admin.dch.cz mysql.dch.cz webmin.dch.cz stats.dch.cz use
    r.dch.cz dch.cz meteo.dch.cz okna.dch.cz www.okna.dch.cz mailuser.dch.cz webcam.
    dch.cz nod.dch.cz
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 i
    ndex.shtml index.cgi index.pl index.jsp Default.htm default.htm
    Alias  /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Directory /var/www/web1/web>
      suPHP_Engine on
      suPHP_UserGroup web1_webmaster web1
      AddHandler x-httpd-php .php .php3 .php4 .php5
      suPHP_AddHandler x-httpd-php
      SetEnv php_safe_mode Off
    </Directory>
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    AddType application/vnd.wap.wmlscriptc .wmlsc .wsc
    AddType text/vnd.wap.wml .wml
    AddType text/vnd.wap.wmlscript .ws .wmlscript
    AddType image/vnd.wap.wbmp .wbmp
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    RewriteEngine on
    RewriteCond %{HTTP_HOST}   ^mail\.dch\.cz [NC]
    RewriteRule ^/(.*)         http://dch.cz:81/roundcubemail/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^admin\.dch\.cz [NC]
    RewriteRule ^/(.*)         http://dch.cz:81/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^mysql\.dch\.cz [NC]
    RewriteRule ^/(.*)         http://dch.cz:81/phpmyadmin/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^webmin\.dch\.cz [NC]
    RewriteRule ^/(.*)         https://dch.cz:10000/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^user\.dch\.cz [NC]
    RewriteRule ^/(.*)         https://dch.cz:20000/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^dch\.cz [NC]
    RewriteRule ^/(.*)         http://www.dch.cz/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^mailuser\.dch\.cz [NC]
    RewriteRule ^/(.*)         http://dch.cz:81/mailuser/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^webcam\.dch\.cz [NC]
    RewriteRule ^/(.*)         http://dch.cz:83/$1 [L,R]
    RewriteCond %{HTTP_HOST}   ^nod\.dch\.cz [NC]
    RewriteRule ^/(.*)         https://dch.cz:82/$1 [L,R]
    </VirtualHost>
    
    
     
  7. falko

    falko Super Moderator ISPConfig Developer

    Looks ok.
    Can you post the output of
    Code:
    ls -la /var
    as well?
     
  8. madmucho

    madmucho ISPConfig Developer ISPConfig Developer

    here is, currently i have suphp 0.6.2 active

    drwxr-xr-x 21 root root 1024 bře 4 15:16 ./
    drwxr-xr-x 21 root root 1024 dub 23 14:03 ../
    drwxr-xr-x 2 root root 1024 bře 4 15:16 backup/
    drwxr-xr-x 15 root root 1024 úno 27 16:06 cache/
    drwxr-xr-x 2 root root 1024 pro 6 2006 db/
    drwxr-xr-x 2 root root 1024 bře 27 12:01 empty/
    drwxr-xr-x 3 root root 1024 zář 6 2007 ftp/
    drwxr-xr-x 2 root root 1024 dub 5 2007 iptraf/
    drwxr-xr-x 38 root root 1024 dub 23 14:17 lib/
    drwxr-xr-x 2 root root 1024 pro 6 2006 local/
    drwxrwxr-x 3 root root 1024 dub 23 11:07 lock/
    drwxr-xr-x 22 root root 3072 dub 21 23:59 log/
    lrwxrwxrwx 1 root root 10 kvě 19 2007 mail -> spool/mail/
    drwxr-xr-x 2 root root 1024 pro 6 2006 nis/
    drwxr-xr-x 2 root root 1024 pro 6 2006 opt/
    drwxr-xr-x 2 root root 1024 pro 6 2006 preserve/
    drwxr-xr-x 23 root root 2048 dub 23 14:06 run/
    drwxr-xr-x 11 root root 1024 říj 29 20:10 spool/
    drwxr-xr-x 3 root root 1024 lis 18 2006 state/
    drwxrwxrwt 2 root root 1024 dub 23 11:20 tmp/
    drwxr-xr-x 2 root root 1024 úno 22 2007 webmin/
    drwxr-xr-x 16 apache apache 1024 dub 4 05:00 www/
     
  9. H2SO4

    H2SO4 New Member

    i've installed suphp 0.6.2 on ispconfig 2.2.18 based on this howto: http://www.howtoforge.com/suphp_debian_etch_ispconfig
    i've updated ispconfig to 2.2.22 and still to work properly.

    but, all the webs get 500 error after updated suphp to 0.6.3 based on this howto: http://www.howtoforge.com/install-s...tions-for-use-with-ispconfig-2.2.20-and-above

    debian etch amd64, apache 2.2.3, php 5.2.0-8
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Can you try and change
    Code:
    allow_directory_others_writeable=false
    to
    Code:
    allow_directory_others_writeable=true 
    in /etc/suphp.conf?
     

Share This Page