apache_1.3.29-php-suexec-mod_ssl-patch
apache_1.3.29-php-suexec-patch
apache_1.3.29-nouids.patch
apache_1.3.28-nouids
apache_1.3.28-php-suexec-mod_ssl-patch
apache_1.3.28-php-suexec-patch
apache_1.3.27-nouids:
Apache 1.3.27 patch. See below ;>
apache_1.3.27-php-suexec-mod_ssl-patch:
Some problems apparently appear when you want to use the patch below in combination
with mod_ssl. This patch seems to fix it.
Special thanks to Philemon Daubard :)
apache_1.3.27-php-suexec-patch:
Updated version of the php suexec patch.
See also the php suexec howto (thanks to Patrick Viet).
apache_1.3.26-nouids:
Same story, updated version.
apache_1.3.26-php-suexec-patch:
Same story :)
This version now includes a working configure option called --enable-suexecphp :)
Should apply without problems.
apache_1.3.24-nouids:
This patch is basically the same as the nouidresolving patch below. The
only difference is the version ;>
apache_1.3.24-php-suexec-patch:
This is the updated version of the php suexec patch for apache 1.3.22. The major
difference is that owners of virtual hosts can now connect an extension to a
php handler. This is nearly the same as the php vhost configuration in the mod_php
config. After you have applied the patch (patch -p0 < apache_1.3.24-php-suexec-patch
in the directory below apache_1.3.24), you need to run the ./configure script and
then run the following commands:
echo 'echo -DINCLUDEPHP' >> src/apaci
echo '#define INCLUDEPHP' >> src/support/suexec.h
After that, build and install apache. Then configure php in httpd.conf with
the following statements:
AddHandler application/x-httpd-php .php .phtml
AddHandler application/x-httpd-php3 .php
When all this is done, you should have a working php-suexec configuration. Note that
the AddHandler configuration differs from the mod_php config. mod_php uses the "AddType"
statements to connect an extension to a php handler; my patch uses "AddHandler" for
this.
Other note: The php binaries need to be called "php4.cgi" and "php3.cgi" and need to
be installed in /usr/local/bin.
For more information, see below.
apache-nouidresolving:
This patch disables the resolving of users in virtual hosts. This is probably
only useful if you use suexec (which will be patched as well). When you've (re)built
your apache with this patch, you can either state a config option like User "user"
or User "#1000". This works for the Group option (in vhosts) as well.
This patch is extremely useful for mass virtual hosting where no users exist on the hosting
box itself.
apache-php-suexec-patch:
If you run suexec on apache and you have mod_php (3 or 4, doesn't matter), you have created
an insecure cgi environment. Apache modules run under the same uid as apache itself.
There is no way (and there probably never will be a way) to change the user id in
such a module. Therefore, if users execute scripts under mod_php, they can browse through
the filesystem and read files of other users which they shouldn't be able to read. Now, if you
apply this patch and enable suexec, you can circumvent this "handicap".
With this patch, mod_php will be useless and should be disabled. You'll need to create php as
a binary. Read the php configuration documentation for more information. This patch patches
apache_1.3.22/src/support/suexec.c. It adds some definitions to it, like the location to
the php3 and php4 binaries (the definitions are called PHP3 and PHP4) and a location to a
directory where no default suexec checking will be done. The last option can be disabled.
After you've compiled suexec (or the whole apache system), you need to add the following
statements to your httpd.conf:
AddHandler cgi-script .php3
AddHandler cgi-script .php4
AddHandler cgi-script .php
These statements indicate that .php3, .php4 and .php files should be treated as cgi scripts.
If you omit these, php will not work.
This patch is also extremely useful for mass virtual hosting environments. It is absolutely
*not* useful for servers running 1 site with no additional (third party) sites. I've been told
that some php stuff which runs specifically under mod_php won't work anymore if you run php
like this.
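A configuration check for the setup described above, as an added example that is not part of the original page or of the patches: it flags a leftover mod_php-style AddType mapping and virtual hosts that map PHP through AddHandler without their own User and Group. The function names, the sample config and the rule that every PHP vhost should set both directives are assumptions.

```python
import re

# Constructed sample httpd.conf: addresses and uids are made up.
SAMPLE_CONF = '''\
User nobody
AddType application/x-httpd-php .php
<VirtualHost 192.0.2.1>
User "#1000"
Group "#1000"
AddHandler application/x-httpd-php .php .phtml
</VirtualHost>
<VirtualHost 192.0.2.2>
AddHandler cgi-script .php
</VirtualHost>
'''

PHP_TYPE = re.compile(r"application/x-httpd-php\d?$", re.I)
PHP_EXT = re.compile(r"\.(php[34]?|phtml)$", re.I)

def maps_php(args):
    """True if AddHandler args route PHP files to a handler named on this page."""
    handler, exts = args[0], args[1:]
    return bool(PHP_TYPE.match(handler)) or (
        handler.lower() == "cgi-script" and any(PHP_EXT.match(e) for e in exts))

def audit(conf_text):
    """Return sorted (line_no, message) findings for a php-suexec httpd.conf."""
    findings, vhosts, cur, server = [], [], None, {"php": False}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):  # comments are whole lines
            continue
        name, args = words[0].lower(), words[1:]
        if name.startswith("<virtualhost"):
            cur = {"line": no, "ids": set(), "php": False}
            vhosts.append(cur)
        elif name.startswith("</virtualhost"):
            cur = None
        elif name in ("user", "group") and cur is not None:
            cur["ids"].add(name)
        elif name == "addtype" and args and PHP_TYPE.match(args[0]):
            findings.append((no, "AddType maps PHP the mod_php way"))
        elif name == "addhandler" and args and maps_php(args):
            (cur or server)["php"] = True
    for v in vhosts:
        missing = sorted({"user", "group"} - v["ids"])
        if (v["php"] or server["php"]) and missing:
            findings.append((v["line"], "PHP vhost without " + "/".join(missing)))
    return sorted(findings)
```

Running audit(SAMPLE_CONF) reports the AddType line and the second virtual host; the first virtual host, which sets both User "#1000" and Group "#1000", passes.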
I run these patches in big production environments. I would like to know your opinion about
these patches. You can report problems to johan@localhost.nl.
More patches and apps will follow..