Do you need "PHP suEXEC Support" if php is up to Version 5.1.6?

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Because php 5.x already runs as a cgi, do you still need "PHP suEXEC Support" for good security?

Also, is this a good combo, or am I over doing it by selecting both suEXEC and PHP suEXEC?

(Looking for the most stable, compatible and secure combo here.)

Mysql 4.1.21 with php 5.1.6

Compiling apache with both:

PHP suEXEC Support

and

suEXEC Module
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
76
308
cPanel Access Level
Root Administrator
PHPSuExec allows PHP-CGI to operate without needing to modify scripts. Most PHP applications are written under the assumption PHP is used as an Apache module, not CGI. To operate with PHP-CGI, all PHP scripts need the #!/usr/bin/php (or whatever your path tot he cgi binary is) added as the first line of the script. PHPSuExec takes a PHP Script and adds that line on the fly (it doesn't actually modify the physical file, only in memory).

PHPSuexec and suExec help tighten security by performing a series of 20 or more security checks before executing the script (permissios, ownership and more are checked). That is the primary purpose of the suExec module: to enhance security.

Thus the version of PHP doesn't matter when it comes to using suExec/PHPSuExec.

PHPSuExec is for PHP Scripts only while suExec is for all.

For more information, read the Apache documentation regarding suExec.
 

Spiral

BANNED
Jun 24, 2005
2,020
8
193
Because php 5.x already runs as a cgi, do you still need "PHP suEXEC Support" for good security?
Where is the world did you get the idea that PHP 5.x "already runs as a CGI"? :D

PHP 5.x is no different that PHP 4.x as far as the different ways to install it
and can be run either as an Apache module or as a CGI!

Which way you run for any PHP version depends on the specific configure options
that you use when you compile PHP!

Also, is this a good combo, or am I over doing it by selecting both suEXEC and PHP suEXEC?
Those are 2 totally different things and you need both --

SuExec will execute CGI scripts such as those written in Perl and Python as the account
owner name instead of as the generic user nobody. Has no bearing on PHP scripts.

phpSuExec will execute PHP scripts as the account owner in much the same way as what
SuExec does for other script types.

(NOTE: A replacement for phpSuExec is available that is actually far superior to phpSuExec
called SuPHP but only works with Apache 2.x and just recently Apache 2.2.x )

(Looking for the most stable, compatible and secure combo here.)

Mysql 4.1.21 with php 5.1.6
Well if security is your concern then you just blew it regarding PHP as there is a major
security problem with all versions of PHP up to and including PHP v5.1.6.

The only version of PHP known not to have this specific problem is PHP v5.2.0
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
The only version of PHP known not to have this specific problem is PHP v5.2.0
... which is not compatible with Invision Board, vBulletin and many others.

I guess I'll continue blowing it for a while longer. Thanks for your response.
 

deastwood

Member
Sep 22, 2006
16
0
151
i believe that is due to the lack of zend support but now there is an updated version of zend you should update that then you can update to 5.2.0 with no problems for the softwate mentioned