php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #16287 SUID for PHP scripts
Submitted: 2002-03-26 08:59 UTC Modified: 2002-03-26 12:12 UTC
From: luci at conexim dot com dot au Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.1.2 OS: RH7.2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: luci at conexim dot com dot au
New email:
PHP Version: OS:

 

 [2002-03-26 08:59 UTC] luci at conexim dot com dot au 
There is a need for suexec/suid type functionality for PHP scripts - switch of ownership conext in a secure environment. Is this going to happen?

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-26 09:01 UTC] derick@php.net 
PHP already has functions to swap uids and guids, posix_* (see www.php.net/posix).

Derick
 [2002-03-26 09:08 UTC] hholzgra@php.net 
http://php.net/posix_setuid
 [2002-03-26 09:12 UTC] luci at conexim dot com dot au 
Those functions are very good, except they cannot be used in a hosting context where the users are not root...

There should be a mechanism like Apache has for .cgi's (per virtual host or location) or dynamically establishing the owner via the home directory lookup.
 [2002-03-26 09:16 UTC] luci at conexim dot com dot au 
ooops should've changed the status before...
 [2002-03-26 09:52 UTC] alan_k@php.net 
This is part of Apache &/or the web server responsiblity, doing it in PHP, would (apart from duplicate resources), be a bit security headache..

I believe it is a feature of Apache 2. 

If you are looking at cgi's, you could consider the php-cgiwrap that is available on the net somewhere.

Its not really (AFAIK) ever going to be a php feature.
 [2002-03-26 11:06 UTC] daniel@php.net 
There is no official solution for this. But you might want to read my posting:

http://news.php.net/article.php?group=php.dev&article=81135

although there are some people who believe in the greater security of mod_php as mod_php has no write access to the home directories of the user. 

feel free to contact me for further questions about php-cgiwrap by private mail.
 [2002-03-26 12:12 UTC] rasmus@php.net 
Apache 2.0's per-child mpm will have a solution for this eventually.  This can not be done at the PHP level effectively.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon May 27 03:01:30 2024 UTC