
Re: [SECURITY] [DSA 1550-1] New suphp packages fix local privilege escalation



Hi Nicolas,
* Nicolas Boullis <nicolas.boullis@ecp.fr> [2008-04-28 18:10]:
[...] 
> > It was discovered that suphp, an Apache module to run PHP scripts with
> > owner permissions handles symlinks insecurely, which may lead to
> > privilege escalation by local users.
> 
> I upgraded the package as suggested, but it broke my setup.
> 
> For what it's worth, I have a virtualhost whose documentroot is
> /var/www/foo.
> That directory is owned by user foo.
> Under this one, I have a directory /var/www/foo/bar, that contains a
> script index.php, both being owned by user bar.
> (This web site is composed of several branches, managed by different
> people.)

FYI there is a bug about that:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477646

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
