summaryrefslogtreecommitdiff
path: root/network/suphp
diff options
context:
space:
mode:
Diffstat (limited to 'network/suphp')
-rw-r--r--network/suphp/README4
-rw-r--r--network/suphp/README.SLACKWARE42
-rw-r--r--network/suphp/config/mod_suphp.conf41
-rw-r--r--network/suphp/config/suphp.conf56
-rw-r--r--network/suphp/doinst.sh16
-rw-r--r--network/suphp/patches/suphp-0.7.1-nosuid.diff18
-rw-r--r--network/suphp/slack-desc19
-rw-r--r--network/suphp/suphp.SlackBuild127
-rw-r--r--network/suphp/suphp.info10
9 files changed, 0 insertions, 333 deletions
diff --git a/network/suphp/README b/network/suphp/README
deleted file mode 100644
index 53352c3857..0000000000
--- a/network/suphp/README
+++ /dev/null
@@ -1,4 +0,0 @@
-suPHP is a tool for executing PHP scripts with the permissions of their
-owners. It consists of an Apache module (mod_suphp) and a setuid root
-binary (suphp) that is called by the Apache module to change the uid of
-the process executing the PHP interpreter. See also README.SLACKWARE
diff --git a/network/suphp/README.SLACKWARE b/network/suphp/README.SLACKWARE
deleted file mode 100644
index b3aaa7451b..0000000000
--- a/network/suphp/README.SLACKWARE
+++ /dev/null
@@ -1,42 +0,0 @@
-suphp README.SLACKWARE
-
-This version was compiled to look for its config file in /etc/httpd
-rather then just /etc as 'httpd' looks there aswell.
-
-To enable this make sure to disable mod_php first, then (after editing
-as needed for your site) add to /etc/httpd/httpd.conf:
-
- Include /etc/httpd/mod_suphp.conf
-
-Unlike suEXEC, suPHP tries to fix variables like $_SERVER['SCRIPT_NAME']
-
-Apache php_* directives in .htaccess files will only work if you install
-the 'htscanner' PHP extension (available from SBo also). However, not
-every setting will work that way; using a php.ini per vhost is another
-option available, configurable in /etc/http/mod_suphp.conf
-
-Upon each connection getpwnam() and similar user-db functions are run,
-which may hinder performance on systems with many accounts (or that use
-some kind of external db system) in which case running 'nscd' may help:
-http://groups.google.nl/group/alt.os.linux.slackware/msg/7032b8ec0e2b11b3
-
-To use different php versions 'per vhost' see:
-http://www.howtoforge.com/apache2_suphp_php4_php5
-
-==
-
-Note on capabilities: FCAPS=true
-
-Which, if set, will install the wrapper non-setuid. For this to work
-however filesystem support must be available (ext3 has this support).
-Your backup tool might ignore, or not know about, extended attribs...
-
-Besides the 'apache' user must be able to write to its logfile, e.g.
-drwxrwxr-x 2 root apache 4096 2009-04-05 00:29 /var/log/httpd
--rw-rw-r-- 1 root apache 2212 2009-04-05 13:45 /var/log/httpd/suphp_log
-Which might have some consequence in logrotate configuration too.
-
-In case Apache is chrooted (for instance with mod_chroot available from
-SBo as well), breaking out should be much harder if installed this way, as
-ptrace, chroot, etc will be unavailable to get via suphp within the jail.
-
diff --git a/network/suphp/config/mod_suphp.conf b/network/suphp/config/mod_suphp.conf
deleted file mode 100644
index 4f63db0ec4..0000000000
--- a/network/suphp/config/mod_suphp.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-# ===========================
-# == suPHP Apache module ==
-# ===========================
-
-# Invite this baby in.
-LoadModule suphp_module @LIBDIR@/httpd/modules/mod_suphp.so
-
-# Tell her what maybe on the menu here.
-AddHandler x-httpd-php .php .php3 .php4 .php5
-
-# This option tells mod_suphp if a PHP-script requested on this server (or
-# VirtualHost) should be run with the PHP-interpreter or returned to the
-# browser "as it is".
-suPHP_Engine on
-
-# This option tells mod_suphp which path to pass on to the PHP-interpreter
-# (by setting the PHPRC environment variable).
-# Do *NOT* refer to a file but to the directory the file resists in.
-# If you don't use this option, PHP will use its compiled in default path.
-#suPHP_ConfigPath (expects a path name)
-
-# Specify the user- and groupname to run PHP-scripts with. This setting
-# can only be used within a <Directory> or <Location> context.
-suPHP_UserGroup nfsnobody users
-
-# Tells mod_suphp to handle requests with the type <mime-type>.
-# Please note this only works, if an action for the handler is specified
-# in the suPHP configuration file. Settings on per-directory level supersede
-# settings made on per-server level.
-suPHP_AddHandler x-httpd-php
-
-# Tells mod_suphp NOT to handle requests with the type <mime-type>. This will
-# override the suPHP_AddHandler setting made on a higher configuration level.
-#suPHP_RemoveHandler <mime-type>
-
-# Sets the path to the PHP binary that is used to render files with the
-# "x-httpd-php" or "application/x-httpd-php" type. This setting does
-# *NOT* affect the PHP binary used for serving script requests, which is
-# still configured in suphp.conf.
-#suPHP_PHPPath (expects a path name)
-
diff --git a/network/suphp/config/suphp.conf b/network/suphp/config/suphp.conf
deleted file mode 100644
index 1a2295dd0d..0000000000
--- a/network/suphp/config/suphp.conf
+++ /dev/null
@@ -1,56 +0,0 @@
-[global]
-; Path to logfile
-; This is set to where Apache logs reside aswell
-logfile=/var/log/httpd/suphp_log
-
-; Loglevel
-loglevel=info
-
-; User Apache is running as
-webserver_user=@HTTPD_USER@
-
-; Path all scripts have to be in
-; This should reflect the vhosts DocumentRoot
-docroot=/var/www:${HOME}/public_html
-
-; Path to chroot() to before executing script
-;chroot=/mychroot
-
-; Security options
-; Note: RedHat-like systems expect 'group_writeable' privs
-allow_file_group_writeable=false
-allow_file_others_writeable=false
-allow_directory_group_writeable=false
-allow_directory_others_writeable=false
-
-; Check wheter script is within DOCUMENT_ROOT
-check_vhost_docroot=true
-
-; Send minor error messages to browser
-errors_to_browser=true
-
-; PATH environment variable
-env_path=/bin:/usr/bin
-
-; Umask to set, specify in octal notation
-; Provided all users are in the 'users' group 072,
-; makes sure they cannot mess about eachothers files.
-; Note: homedirs can have <username>:apache 0710 perms!
-umask=0072
-
-; Minimum UID
-; The default Slackware NIS config uses this UID boundry
-min_uid=500
-
-; Minimum GID
-; The 'users' group
-min_gid=100
-
-[handlers]
-; Handler for php-scripts
-x-httpd-php="php:/usr/bin/php-cgi"
-
-; Handler for CGI-scripts
-; Similar in functionality to suEXEC
-x-suphp-cgi="execute:!self"
-
diff --git a/network/suphp/doinst.sh b/network/suphp/doinst.sh
deleted file mode 100644
index 58cc2362b2..0000000000
--- a/network/suphp/doinst.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-config() {
- NEW="$1"
- OLD="$(dirname $NEW)/$(basename $NEW .new)"
- # If there's no config file by that name, mv it over:
- if [ ! -r $OLD ]; then
- mv $NEW $OLD
- elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
- # toss the redundant copy
- rm $NEW
- fi
- # Otherwise, we leave the .new copy for the admin to consider...
-}
-
-config etc/httpd/mod_suphp.conf.new
-config etc/httpd/suphp.conf.new
-
diff --git a/network/suphp/patches/suphp-0.7.1-nosuid.diff b/network/suphp/patches/suphp-0.7.1-nosuid.diff
deleted file mode 100644
index 7a9b35de4e..0000000000
--- a/network/suphp/patches/suphp-0.7.1-nosuid.diff
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -ur suphp-0.7.1.orig/src/Application.cpp suphp-0.7.1/src/Application.cpp
---- suphp-0.7.1.orig/src/Application.cpp 2009-03-14 18:55:25.000000000 +0100
-+++ suphp-0.7.1/src/Application.cpp 2009-04-05 13:03:10.000000000 +0200
-@@ -174,12 +174,13 @@
- throw SecurityException("Calling user is not webserver user!",
- __FILE__, __LINE__);
- }
--
-+#if 0
- if (!api.getEffectiveProcessUser().isSuperUser()) {
- throw SecurityException(
- "Do not have root privileges. Executable not set-uid root?",
- __FILE__, __LINE__);
- }
-+#endif
- }
-
-
diff --git a/network/suphp/slack-desc b/network/suphp/slack-desc
deleted file mode 100644
index cefe0b4882..0000000000
--- a/network/suphp/slack-desc
+++ /dev/null
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
-# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':'.
-
- |-----handy-ruler-------------------------------------------------------|
-suphp: suPHP (an Apache module)
-suphp:
-suphp: mod_suphp is a module for executing PHP scripts with the permission
-suphp: of their owners rather then the user the webserver runs as.
-suphp: It is similar to suEXEC for CGI/SSI but supports a configuration file.
-suphp:
-suphp: It uses a setuid root wrapper binary (/usr/sbin/suphp) to change
-suphp: the uid of the process executing the PHP interpreter.
-suphp:
-suphp: suPHP is maintained by Sebastian Marsching
-suphp:
diff --git a/network/suphp/suphp.SlackBuild b/network/suphp/suphp.SlackBuild
deleted file mode 100644
index f00002bb85..0000000000
--- a/network/suphp/suphp.SlackBuild
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/bin/sh
-
-# Slackware build script for suPHP
-
-# Written by Menno Duursma <druiloor@zonnet.nl>
-
-# This program is free software. It comes without any warranty.
-# Granted WTFPLv2, as published by Sam Hocevar dec'04.
-# For details see http://sam.zoy.org/wtfpl/COPYING
-
-PRGNAM=suphp
-VERSION=${VERSION:-0.7.1}
-BUILD=${BUILD:-1}
-TAG=${TAG:-_SBo}
-
-# Automatically determine the architecture we're building on:
-if [ -z "$ARCH" ]; then
- case "$( uname -m )" in
- i?86) ARCH=i486 ;;
- arm*) ARCH=arm ;;
- # Unless $ARCH is already set, use uname -m for all other archs:
- *) ARCH=$( uname -m ) ;;
- esac
-fi
-
-CWD=$(pwd)
-TMP=${TMP:-/tmp/SBo}
-PKG=$TMP/package-$PRGNAM
-OUTPUT=${OUTPUT:-/tmp}
-
-# On capability enabled filesystems this may be enabled
-FCAPS=${FCAPS:-false}
-
-# The stock Apache on Slackware runs httpd under system
-# user/group account 'apache'. If you happen to use some
-# other account change the directives below
-HTTPD_USER=${HTTPD_USER:-apache}
-HTTPD_GROUP=${HTTPD_GROUP:-apache}
-
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
- LIBDIRSUFFIX=""
-elif [ "$ARCH" = "i686" ]; then
- SLKCFLAGS="-O2 -march=i686 -mtune=i686"
- LIBDIRSUFFIX=""
-elif [ "$ARCH" = "x86_64" ]; then
- SLKCFLAGS="-O2 -fPIC"
- LIBDIRSUFFIX="64"
-else
- SLKCFLAGS="-O2"
- LIBDIRSUFFIX=""
-fi
-
-set -e # Exit on most errors
-
-rm -rf $PKG
-mkdir -p $TMP $PKG $OUTPUT
-cd $TMP
-rm -rf $PRGNAM-$VERSION
-tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
-cd $PRGNAM-$VERSION
-chown -R root:root .
-chmod -R u+w,go+r-w,a-s .
-
-# FCAPS: remove ruid-root check from source
-if [ "$FCAPS" != "false" ]; then
- patch --verbose -p1 < $CWD/patches/suphp-0.7.1-nosuid.diff
-fi
-
-# Default to secure settings, as any of the configuration options
-# can be overwritten in the config file /etc/httpd/suphp.conf anyway
-CFLAGS="$SLKCFLAGS" \
-CXXFLAGS="$SLKCFLAGS" \
-./configure \
- --prefix=/usr \
- --libdir=/usr/lib${LIBDIRSUFFIX} \
- --with-apr=/usr/bin/apr-1-config \
- --with-apxs=/usr/sbin/apxs \
- --sysconfdir=/etc/httpd \
- --with-apache-user=$HTTPD_USER \
- --with-logfile=/var/log/httpd/suphp_log \
- --enable-static=no \
- --build=$ARCH-slackware-linux
-
-make
-
-# Following only strips the wrapper
-make install-strip DESTDIR=$PKG
-
-# Strip the DSO as well
-find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
- | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
-
-mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a AUTHORS COPYING ChangeLog doc/* $PKG/usr/doc/$PRGNAM-$VERSION
-cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
-cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
-
-mkdir -p $PKG/etc/httpd
-sed "s%@LIBDIR@%/usr/lib${LIBDIRSUFFIX}%" $CWD/config/mod_suphp.conf > \
- $PKG/etc/httpd/mod_suphp.conf.new
-
-# Make sure the user Apache runs as in correctly reflected
-sed "s/@HTTPD_USER@/$HTTPD_USER/" \
- $CWD/config/suphp.conf > $PKG/etc/httpd/suphp.conf.new
-
-mkdir -p $PKG/install
-cat $CWD/slack-desc > $PKG/install/slack-desc
-cat $CWD/doinst.sh > $PKG/install/doinst.sh
-
-# Make sure the access permissions on target host are such that
-# only the group Apache runs as has access to it
-chown root:$HTTPD_GROUP $PKG/usr/sbin/suphp
-
-# Install setuid unless caller requested otherwise
-if [ "$FCAPS" != "false" ]; then
- chmod 0750 $PKG/usr/sbin/suphp
- # Note: on a chrooted Apache: this should fence the jail
- echo 'setcap "cap_setgid=ep cap_setuid=ep" usr/sbin/suphp' \
- >> $PKG/install/doinst.sh
-else
- # Install setuid-root
- chmod 4750 $PKG/usr/sbin/suphp
-fi
-
-cd $PKG
-/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/suphp/suphp.info b/network/suphp/suphp.info
deleted file mode 100644
index 4396f2225f..0000000000
--- a/network/suphp/suphp.info
+++ /dev/null
@@ -1,10 +0,0 @@
-PRGNAM="suphp"
-VERSION="0.7.1"
-HOMEPAGE="http://www.suphp.org/"
-DOWNLOAD="http://www.suphp.org/download/suphp-0.7.1.tar.gz"
-MD5SUM="c172dd4f15a75f4dcb08ea97d4202bb8"
-DOWNLOAD_x86_64=""
-MD5SUM_x86_64=""
-MAINTAINER="Menno Duursma"
-EMAIL="druiloor@zonnet.nl"
-APPROVED="rworkman"