Comment 2 for bug 253268

dx9s (dx9s) wrote :

It's worse.. it has to do with the security patch applied (something to do with symlink or something).

I've isolated the bug to this patch. (this is how I did it):

Hardy (as of Aug 7th even) w/ "current" suphp 0.6.2-2ubuntu1 fails

I went ahead and downloaded the source and made my own .deb for 0.6.2-1ubuntu1 (aka made a "hardy" version of libapache2-mod-suphp_0.6.2-1ubuntu1_i386.deb and suphp-common_0.6.2-1ubuntu1_i386.deb)

and removed 0.6.2-2ubuntu1 and installed 0.6.2-1ubuntu1 and the SAME apache configuration (which includes suphp options) works and executes files fine.

upgrade back to the official "current" 0.6.2-2ubuntu1 and it fails about not just the PARENT directory but ALL grandparent directories not being owned by the same UID as the php script. This is a serious bug the "patch" fixed as it is impossible to give all parent directories over to a particular UID ... at some point it must be owned by .... hmmm let's say "ROOT" !!!! (UID 0)

I don't think the patch was well tested before it was accepted into fixing whatever problem it claims to fix.

so until the maintainers of suphp and the maintainer of the .deb packages for hardy (if you have gutsy, they haven't backported that patch to it so STAY with gutsy if you use suphp) get together and figure out where this patch has failed -- it will never get fixed....

or do what I did and roll back to older .deb !! (I mean a) update/patch suphp and have it NOT work or b) roll back suphp and have it work with possible [minor] security issue)

PLEASE READ CLOSELY .. it's the patch that was introduced between 0.6.2-1ubuntu1 and 0.6.2-2ubuntu1 (see CVE-2008-1614 "Fix race condition in symlink handling")

In my case.. I have /var/www (UID root) ... /var/www/"site-name" (UID www-data, same as apache UID) and /var/www/"site-name"/htdocs/..../folder (UID X where "X" is same UID as script that executes in that folder)...

With the patch applied, all parent folders must be owned by UID X (/var/www , /var/www/"site-name", /var/www/"site-name"/htdocs, /var/www/"site-name"/htdocs/..../folder <--- all must be owned by UID X for script in "folder" to work) -- this is a serious breakage of suphp!!!!

--dx9s (Doug)
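Added diagnostic (not from the bug report or from the suphp project): it walks a script's directory chain and lists every ancestor not owned by the expected UID, modelling the two behaviours the comment describes (script directory only vs. every ancestor). The `owner_of` hook and the constructed layout (root-owned /var/www, www-data site dir, UID 1001 script folder) are assumptions for offline use; on a real host the default reads ownership with os.lstat.

```python
import os
import posixpath
from typing import Callable, Dict, List, Tuple

def ancestors(path: str) -> List[str]:
    """Return `path` and every ancestor directory, root first."""
    path = posixpath.normpath(path)
    chain = []
    while True:
        chain.append(path)
        parent = posixpath.dirname(path)
        if parent == path:          # reached "/"
            break
        path = parent
    return list(reversed(chain))

def _lstat_uid(path: str) -> int:
    return os.lstat(path).st_uid

def dirs_not_owned_by(script: str, uid: int, all_ancestors: bool,
                      owner_of: Callable[[str], int] = _lstat_uid) -> List[Tuple[str, int]]:
    """Directories that would fail an ownership check for `script`.

    all_ancestors=False: only the script's own directory is checked
    (the behaviour the comment reports for 0.6.2-1ubuntu1).
    all_ancestors=True: every directory up to "/" is checked
    (the behaviour the comment reports for 0.6.2-2ubuntu1).
    Returns (directory, actual_owner_uid) for each mismatch.
    """
    script_dir = posixpath.dirname(posixpath.normpath(script))
    to_check = ancestors(script_dir) if all_ancestors else [script_dir]
    return [(d, owner_of(d)) for d in to_check if owner_of(d) != uid]

# Constructed layout mirroring the comment (not real filesystem data):
# /var/www owned by root, the site dir by www-data (33), the script folder by UID 1001.
SAMPLE_OWNERS: Dict[str, int] = {
    "/var/www": 0,
    "/var/www/site-name": 33,
    "/var/www/site-name/htdocs": 33,
    "/var/www/site-name/htdocs/folder": 1001,
}
SAMPLE_SCRIPT = "/var/www/site-name/htdocs/folder/index.php"
SAMPLE_UID = 1001

def sample_owner(path: str) -> int:
    return SAMPLE_OWNERS.get(path, 0)   # anything above /var/www is root-owned

if __name__ == "__main__":
    for mode in (False, True):
        bad = dirs_not_owned_by(SAMPLE_SCRIPT, SAMPLE_UID, mode, sample_owner)
        print("all ancestors" if mode else "script dir only", "->", bad)
```

Run against a real path with the default `owner_of` to see exactly which directories the stricter check would reject before changing any ownership.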