LinkBack URL
About LinkBacksI have found that mod_ruid2 seems our best solution to have both performance +security at the same
It has mod_php's performance plus suphp's security
could you support it and add it to easyapache?
thanks
[Case 52294] support mod_ruid2
I have found that mod_ruid2 seems our best solution to have both performance +security at the same
It has mod_php's performance plus suphp's security
could you support it and add it to easyapache?
thanks
re: [Case 52294] support mod_ruid2
Hello,
We already have an internal case researching this module for a possible inclusion in EasyApache. That case is 52294
Thanks!
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Forums Technical Analyst, cPanel Tech Support
Submit a ticket | Check an existing ticket
Re: [Case 52294] support mod_ruid2
em...DA has howto since 2010, plesk even has this builtin "aready" , so surprised that cpanel is kinda of slow on this
I assume this is safer than mpm-itk
may I ask how long it might be? months?
thanks
Re: [Case 52294] support mod_ruid2
Months, at a minimum. Looking around, it seems you are the only one requesting this in a cPanel&WHM environment at the moment. If you know others that want this, please have them speak up in this feature request thread.
Keep in mind, features in cPanel&WHM are driven by community feedback of what the cPanel community wants in cPanel software. The mere presence of a function in a competitor's product (e.g. CUPS support) isn't inherent justification for us to spend development resources to accommodate that capability. We acknowledge that those using cPanel software may have different needs than users of other software hence the community-driven nature of our feature requests.
Re: [Case 52294] support mod_ruid2
well, since you provide MPM-ITK which sounds like having some possible securities issues
mod_ruid2 might be a good alternative
Re: [Case 52294] support mod_ruid2
mod_ruid2 also has security concerns, the same as those of MPM ITK. There is no real difference in the possible security implications. Have you read the README for the module installation?
It says the following:Code:wget http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.4.tar.bz2 tar xvfj mod_ruid2-0.9.4.tar.bz2 cd mod_ruid2-0.9.4 grep security README
This corresponds to the MPM ITK security warning at apache2-mpm-itk location:-there are some security issues, for instance if attacker successfully exploits the httpd process,
he can set effective capabilities and setuid to root. i recommend to use some security patch in kernel (grsec),
or something.
The only difference here is that MPM ITK's warning is prominently displayed on their site not buried inside the README file.Since mpm-itk has to be able to setuid(), it runs as root (although restricted with POSIX capabilities where possible) until the request is parsed and the vhost determined. This means that any security hole before the request is parsed will be a root security hole. (The most likely place is probably in mod_ssl.) This is not going to change in the near future, as the most likely alternative solution (socket passing and its variants) is very hard to get to work properly in a number of common use cases, like SSL.
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Forums Technical Analyst, cPanel Tech Support
Submit a ticket | Check an existing ticket
Re: [Case 52294] support mod_ruid2
This is currently being evaluated for EasyApache 3.7.
Kenneth
Product Manager
cPanel, Inc.
Re: [Case 52294] support mod_ruid2
EDIT: We are continuing to evaluate mod_ruid2 for inclusion into EasyApache.
Re: [Case 52294] support mod_ruid2
mod_ruid2 => yes
Re: [Case 52294] support mod_ruid2
I've created a custom opt mod for mod_ruid2 0.9.4 and can provide the needed changes to the vhost.default and ssl_vhost.default templates if you need them, along with a good default config for httpd.conf
Re: [Case 52294] support mod_ruid2
We still have some issues to resolve to get this to pass QA testing so we are postponing this till EasyApache 3.8.Originally Posted by cpanelkenneth
Re: [Case 52294] support mod_ruid2
An update: while this is planned for EasyApache 3.8, unlike many other EA features, you will need a specific version of cPanel&WHM for this feature to work. You will need version 11.32 or later for this functionality to work once EasyApache 3.8 is released. This means this will not be available to users of EasyApache 3.8 on cPanel&WHM 11.30.
Remember, EasyApache versions are not dependent on cPanel&WHM versions.
Re: [Case 52294] support mod_ruid2
this is a good news! great option for ppl who is struggling about tweaking fastcgi and suphp
Re: [Case 52294] support mod_ruid2
Any idea when this feature might be available (e.g., both EA 3.8 and cPanel/WHM 11.32 available)? (Just a ballpark to help us plan a project.)
Thanks,
Mark
Re: [Case 52294] support mod_ruid2
11.31 (the pre-production version of 11.32) is currently in EDGE. No projection yet on EA 3.8.
