diff options
Diffstat (limited to 'network/suphp')
-rw-r--r-- | network/suphp/README | 4 | ||||
-rw-r--r-- | network/suphp/README.SLACKWARE | 42 | ||||
-rw-r--r-- | network/suphp/config/mod_suphp.conf | 41 | ||||
-rw-r--r-- | network/suphp/config/suphp.conf | 56 | ||||
-rw-r--r-- | network/suphp/doinst.sh | 16 | ||||
-rw-r--r-- | network/suphp/patches/suphp-0.7.1-nosuid.diff | 18 | ||||
-rw-r--r-- | network/suphp/slack-desc | 19 | ||||
-rw-r--r-- | network/suphp/suphp.SlackBuild | 127 | ||||
-rw-r--r-- | network/suphp/suphp.info | 10 |
9 files changed, 0 insertions, 333 deletions
diff --git a/network/suphp/README b/network/suphp/README deleted file mode 100644 index 53352c3857..0000000000 --- a/network/suphp/README +++ /dev/null @@ -1,4 +0,0 @@ -suPHP is a tool for executing PHP scripts with the permissions of their -owners. It consists of an Apache module (mod_suphp) and a setuid root -binary (suphp) that is called by the Apache module to change the uid of -the process executing the PHP interpreter. See also README.SLACKWARE diff --git a/network/suphp/README.SLACKWARE b/network/suphp/README.SLACKWARE deleted file mode 100644 index b3aaa7451b..0000000000 --- a/network/suphp/README.SLACKWARE +++ /dev/null @@ -1,42 +0,0 @@ -suphp README.SLACKWARE - -This version was compiled to look for its config file in /etc/httpd -rather then just /etc as 'httpd' looks there aswell. - -To enable this make sure to disable mod_php first, then (after editing -as needed for your site) add to /etc/httpd/httpd.conf: - - Include /etc/httpd/mod_suphp.conf - -Unlike suEXEC, suPHP tries to fix variables like $_SERVER['SCRIPT_NAME'] - -Apache php_* directives in .htaccess files will only work if you install -the 'htscanner' PHP extension (available from SBo also). However, not -every setting will work that way; using a php.ini per vhost is another -option available, configurable in /etc/http/mod_suphp.conf - -Upon each connection getpwnam() and similar user-db functions are run, -which may hinder performance on systems with many accounts (or that use -some kind of external db system) in which case running 'nscd' may help: -http://groups.google.nl/group/alt.os.linux.slackware/msg/7032b8ec0e2b11b3 - -To use different php versions 'per vhost' see: -http://www.howtoforge.com/apache2_suphp_php4_php5 - -== - -Note on capabilities: FCAPS=true - -Which, if set, will install the wrapper non-setuid. For this to work -however filesystem support must be available (ext3 has this support). -Your backup tool might ignore, or not know about, extended attribs... - -Besides the 'apache' user must be able to write to its logfile, e.g. -drwxrwxr-x 2 root apache 4096 2009-04-05 00:29 /var/log/httpd --rw-rw-r-- 1 root apache 2212 2009-04-05 13:45 /var/log/httpd/suphp_log -Which might have some consequence in logrotate configuration too. - -In case Apache is chrooted (for instance with mod_chroot available from -SBo as well), breaking out should be much harder if installed this way, as -ptrace, chroot, etc will be unavailable to get via suphp within the jail. - diff --git a/network/suphp/config/mod_suphp.conf b/network/suphp/config/mod_suphp.conf deleted file mode 100644 index 4f63db0ec4..0000000000 --- a/network/suphp/config/mod_suphp.conf +++ /dev/null @@ -1,41 +0,0 @@ -# =========================== -# == suPHP Apache module == -# =========================== - -# Invite this baby in. -LoadModule suphp_module @LIBDIR@/httpd/modules/mod_suphp.so - -# Tell her what maybe on the menu here. -AddHandler x-httpd-php .php .php3 .php4 .php5 - -# This option tells mod_suphp if a PHP-script requested on this server (or -# VirtualHost) should be run with the PHP-interpreter or returned to the -# browser "as it is". -suPHP_Engine on - -# This option tells mod_suphp which path to pass on to the PHP-interpreter -# (by setting the PHPRC environment variable). -# Do *NOT* refer to a file but to the directory the file resists in. -# If you don't use this option, PHP will use its compiled in default path. -#suPHP_ConfigPath (expects a path name) - -# Specify the user- and groupname to run PHP-scripts with. This setting -# can only be used within a <Directory> or <Location> context. -suPHP_UserGroup nfsnobody users - -# Tells mod_suphp to handle requests with the type <mime-type>. -# Please note this only works, if an action for the handler is specified -# in the suPHP configuration file. Settings on per-directory level supersede -# settings made on per-server level. -suPHP_AddHandler x-httpd-php - -# Tells mod_suphp NOT to handle requests with the type <mime-type>. This will -# override the suPHP_AddHandler setting made on a higher configuration level. -#suPHP_RemoveHandler <mime-type> - -# Sets the path to the PHP binary that is used to render files with the -# "x-httpd-php" or "application/x-httpd-php" type. This setting does -# *NOT* affect the PHP binary used for serving script requests, which is -# still configured in suphp.conf. -#suPHP_PHPPath (expects a path name) - diff --git a/network/suphp/config/suphp.conf b/network/suphp/config/suphp.conf deleted file mode 100644 index 1a2295dd0d..0000000000 --- a/network/suphp/config/suphp.conf +++ /dev/null @@ -1,56 +0,0 @@ -[global] -; Path to logfile -; This is set to where Apache logs reside aswell -logfile=/var/log/httpd/suphp_log - -; Loglevel -loglevel=info - -; User Apache is running as -webserver_user=@HTTPD_USER@ - -; Path all scripts have to be in -; This should reflect the vhosts DocumentRoot -docroot=/var/www:${HOME}/public_html - -; Path to chroot() to before executing script -;chroot=/mychroot - -; Security options -; Note: RedHat-like systems expect 'group_writeable' privs -allow_file_group_writeable=false -allow_file_others_writeable=false -allow_directory_group_writeable=false -allow_directory_others_writeable=false - -; Check wheter script is within DOCUMENT_ROOT -check_vhost_docroot=true - -; Send minor error messages to browser -errors_to_browser=true - -; PATH environment variable -env_path=/bin:/usr/bin - -; Umask to set, specify in octal notation -; Provided all users are in the 'users' group 072, -; makes sure they cannot mess about eachothers files. -; Note: homedirs can have <username>:apache 0710 perms! -umask=0072 - -; Minimum UID -; The default Slackware NIS config uses this UID boundry -min_uid=500 - -; Minimum GID -; The 'users' group -min_gid=100 - -[handlers] -; Handler for php-scripts -x-httpd-php="php:/usr/bin/php-cgi" - -; Handler for CGI-scripts -; Similar in functionality to suEXEC -x-suphp-cgi="execute:!self" - diff --git a/network/suphp/doinst.sh b/network/suphp/doinst.sh deleted file mode 100644 index 58cc2362b2..0000000000 --- a/network/suphp/doinst.sh +++ /dev/null @@ -1,16 +0,0 @@ -config() { - NEW="$1" - OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: - if [ ! -r $OLD ]; then - mv $NEW $OLD - elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then - # toss the redundant copy - rm $NEW - fi - # Otherwise, we leave the .new copy for the admin to consider... -} - -config etc/httpd/mod_suphp.conf.new -config etc/httpd/suphp.conf.new - diff --git a/network/suphp/patches/suphp-0.7.1-nosuid.diff b/network/suphp/patches/suphp-0.7.1-nosuid.diff deleted file mode 100644 index 7a9b35de4e..0000000000 --- a/network/suphp/patches/suphp-0.7.1-nosuid.diff +++ /dev/null @@ -1,18 +0,0 @@ -diff -ur suphp-0.7.1.orig/src/Application.cpp suphp-0.7.1/src/Application.cpp ---- suphp-0.7.1.orig/src/Application.cpp 2009-03-14 18:55:25.000000000 +0100 -+++ suphp-0.7.1/src/Application.cpp 2009-04-05 13:03:10.000000000 +0200 -@@ -174,12 +174,13 @@ - throw SecurityException("Calling user is not webserver user!", - __FILE__, __LINE__); - } -- -+#if 0 - if (!api.getEffectiveProcessUser().isSuperUser()) { - throw SecurityException( - "Do not have root privileges. Executable not set-uid root?", - __FILE__, __LINE__); - } -+#endif - } - - diff --git a/network/suphp/slack-desc b/network/suphp/slack-desc deleted file mode 100644 index cefe0b4882..0000000000 --- a/network/suphp/slack-desc +++ /dev/null @@ -1,19 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line -# up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':'. - - |-----handy-ruler-------------------------------------------------------| -suphp: suPHP (an Apache module) -suphp: -suphp: mod_suphp is a module for executing PHP scripts with the permission -suphp: of their owners rather then the user the webserver runs as. -suphp: It is similar to suEXEC for CGI/SSI but supports a configuration file. -suphp: -suphp: It uses a setuid root wrapper binary (/usr/sbin/suphp) to change -suphp: the uid of the process executing the PHP interpreter. -suphp: -suphp: suPHP is maintained by Sebastian Marsching -suphp: diff --git a/network/suphp/suphp.SlackBuild b/network/suphp/suphp.SlackBuild deleted file mode 100644 index f00002bb85..0000000000 --- a/network/suphp/suphp.SlackBuild +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/sh - -# Slackware build script for suPHP - -# Written by Menno Duursma <druiloor@zonnet.nl> - -# This program is free software. It comes without any warranty. -# Granted WTFPLv2, as published by Sam Hocevar dec'04. -# For details see http://sam.zoy.org/wtfpl/COPYING - -PRGNAM=suphp -VERSION=${VERSION:-0.7.1} -BUILD=${BUILD:-1} -TAG=${TAG:-_SBo} - -# Automatically determine the architecture we're building on: -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) ARCH=i486 ;; - arm*) ARCH=arm ;; - # Unless $ARCH is already set, use uname -m for all other archs: - *) ARCH=$( uname -m ) ;; - esac -fi - -CWD=$(pwd) -TMP=${TMP:-/tmp/SBo} -PKG=$TMP/package-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} - -# On capability enabled filesystems this may be enabled -FCAPS=${FCAPS:-false} - -# The stock Apache on Slackware runs httpd under system -# user/group account 'apache'. If you happen to use some -# other account change the directives below -HTTPD_USER=${HTTPD_USER:-apache} -HTTPD_GROUP=${HTTPD_GROUP:-apache} - -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -set -e # Exit on most errors - -rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT -cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION -chown -R root:root . -chmod -R u+w,go+r-w,a-s . - -# FCAPS: remove ruid-root check from source -if [ "$FCAPS" != "false" ]; then - patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff -fi - -# Default to secure settings, as any of the configuration options -# can be overwritten in the config file /etc/httpd/suphp.conf anyway -CFLAGS="$SLKCFLAGS" \ -CXXFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --with-apr=/usr/bin/apr-1-config \ - --with-apxs=/usr/sbin/apxs \ - --sysconfdir=/etc/httpd \ - --with-apache-user=$HTTPD_USER \ - --with-logfile=/var/log/httpd/suphp_log \ - --enable-static=no \ - --build=$ARCH-slackware-linux - -make - -# Following only strips the wrapper -make install-strip DESTDIR=$PKG - -# Strip the DSO as well -find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild -cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE - -mkdir -p $PKG/etc/httpd -sed "s%@LIBDIR@%/usr/lib${LIBDIRSUFFIX}%" $CWD/config/mod_suphp.conf > \ - $PKG/etc/httpd/mod_suphp.conf.new - -# Make sure the user Apache runs as in correctly reflected -sed "s/@HTTPD_USER@/$HTTPD_USER/" \ - $CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new - -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc -cat $CWD/doinst.sh > $PKG/install/doinst.sh - -# Make sure the access permissions on target host are such that -# only the group Apache runs as has access to it -chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp - -# Install setuid unless caller requested otherwise -if [ "$FCAPS" != "false" ]; then - chmod 0750 $PKG/usr/sbin/suphp - # Note: on a chrooted Apache: this should fence the jail - echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \ - >> $PKG/install/doinst.sh -else - # Install setuid-root - chmod 4750 $PKG/usr/sbin/suphp -fi - -cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/suphp/suphp.info b/network/suphp/suphp.info deleted file mode 100644 index 4396f2225f..0000000000 --- a/network/suphp/suphp.info +++ /dev/null @@ -1,10 +0,0 @@ -PRGNAM="suphp" -VERSION="0.7.1" -HOMEPAGE="http://www.suphp.org/" -DOWNLOAD="http://www.suphp.org/download/suphp-0.7.1.tar.gz" -MD5SUM="c172dd4f15a75f4dcb08ea97d4202bb8" -DOWNLOAD_x86_64="" -MD5SUM_x86_64="" -MAINTAINER="Menno Duursma" -EMAIL="druiloor@zonnet.nl" -APPROVED="rworkman" |