Package: suphp-common Version: 0.7.1-3 Severity: normal Dear Maintainer,
The php-internal function mail() does INTERNALLY write to the log-file configured in the PHPs "mail.log" configuration variable. Example: mail.log = /var/log/php/mail.log When suPHP is used, the write-process of this log file will be performed as user, and not as webserver "www-data". Therefore, writing to the mail.log file is not possible. It does not help to give every users their own mail.log file, because then they could clean it, to hide that they are sending spam. I do understand that suPHP's goal is to let the PHP script run under the same privilegues as the script's owner. But in this case, the mail-logging is an INTERNAL php functionality, which should NOT be affected by suPHP. There is no acceptable way in using suPHP together with mail-logging. (A workaround is to let everybody write to the mail-log, but change the mail-log via chattr to append-only. This would avoid that users delete their log-entries, but it is not perfect, since users can append garbage to the log file and in the worst case fill the complete harddisk, without touching their own quota.) -- System Information: Debian Release: 7.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages suphp-common depends on: ii libc6 2.13-38+deb7u6 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 ii php5-cgi 5.4.35-0+deb7u2 suphp-common recommends no packages. suphp-common suggests no packages. -- Configuration Files: /etc/suphp/suphp.conf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
