Bug#476693: suphp-common 0.6.2-1+etch0 denies access to symlinked directories previously allowed in the docpath

Fri, 18 Apr 2008 06:55:48 -0700 

Package: suphp-common
Version: 0.6.2-1+etch0
Severity: important


I always set the vhosts in Apache on my system to a path containing symlinks 
from a general "website" directory to the website directory of the appropriate 
user for ease of administration.

For example:

<VirtualHost *>
        ServerAdmin [EMAIL PROTECTED]

        ServerName www.example.com
        DocumentRoot /www/hosts/www.example.com

        <Directory /www/hosts/www.example.com/>
                Options IncludesNoExec FollowSymLinks
                AllowOverride AuthConfig Limit FileInfo
                Order allow,deny
                allow from all
        </Directory>
...


However, /www (owned by root) points at /var/www
inside /var/www/hosts/ each site name (e.g. www.example.com) is a symlink owned 
by root pointing at a website directory in the approriate user's home 
directory, e.g.:

www.example.com -> /home/a_user/websites/www.example.com

where the contents of their home directory and sub-directories is all owned by 
the user and their own group.


On accessing php pages, I get a 500 server error.

In the Apache error.log, it records the following:
SoftException in Application.cpp:499: Directory /www/hosts is not owned by 
a_user


When I first installed suPHP I had a similar problem, resolved by changing 
check_vhost_docroot from true to false in /etc/suphp/suphp.conf and I'm 
wondering if this security fix is no longer respecting that setting?


I have reverted back to 0.6.2 for now, so the information below may be 
misleading.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages suphp-common depends on:
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libgcc1                1:4.1.1-21        GCC support library
ii  libstdc++6             4.1.1-21          The GNU Standard C++ Library v3
ii  php5-cgi               5.2.0-8+etch10    server-side, HTML-embedded scripti

suphp-common recommends no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to