It's worse.. it has to do with the security patch applied (something to do with symlink or something).
I've isolated the bug to this patch. (this is how I did it): Hardy (as of Aug 7th even) w/ "current" suphp 0.6.2-2ubuntu1 fails I went ahead and download the source and make my own .deb for 0.6.2-1ubuntu1 (aka made a "hardy" version of libapache2-mod- suphp_0.6.2-1ubuntu1_i386.deb and suphp- common_0.6.2-1ubuntu1_i386.deb) and removed 0.6.2-2ubuntu1 and installed 0.6.2-1ubuntu1 and the SAME apache configuration (which includes suphp options) works and executes files fine. upgrade back to the offical "current" 0.6.2-2ubuntu1 and it fails about not just the PARENT directory but ALL grandparent directories not being owned by the same UID as the php script. This is a serious bug the "patch" fixed as it is impossible to give all parent directories over to a particular UID ... at some point it must be owned by .... hmmm lets say "ROOT" !!!! (UID 0) I don't think the patch was well tested before it was accepted into fixing whatever problem it claims to fix. so until the maintainers of suphp and the maintainer of the .deb packages for hardy (if you have gutsy, they haven't back ported that patch to it so STAY with gutsy if you use suphp) get together and figure out where this patch has failed -- it will never get fixed.... or do what I did and roll back to older .deb !! (I mean a) update/patch suphp and have it NOT work or b) roll back suphp and have it work with possible [minor] security issue) PLEASE READ CLOSELY .. it's the patch that was introduced between 0.6.2-1ubuntu1 and 0.6.2-2ubuntu1 (see CVE-2008-1614 "Fix race condition in symlink handling") In my case.. I have /var/www (UID root) ... /var/www/"site-name" (UID www-data, same as apache UID) and /var/www/"site- name"/htdocs/..../folder (UID X where "X" is same UID as script that executes in that folder)... With the patch applied. all parent folders must be owned by UID X (/var/www , /var/www/"site-name", /var/www/"site-name"/htdocs, /var/www /"site-name"/htdocs/..../folder <--- all must be owned by UID X for script in "folder" to work) -- this is a serious break-age of suphp!!!! --dx9s (Doug) ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1614 -- php5-cgi not working with suphp in Hardy https://bugs.launchpad.net/bugs/253268 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
