The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do you need "PHP suEXEC Support" if php is up to Version 5.1.6?

Discussion in 'General Discussion' started by jols, Dec 10, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Because php 5.x already runs as a cgi, do you still need "PHP suEXEC Support" for good security?

    Also, is this a good combo, or am I over doing it by selecting both suEXEC and PHP suEXEC?

    (Looking for the most stable, compatible and secure combo here.)

    Mysql 4.1.21 with php 5.1.6

    Compiling apache with both:

    PHP suEXEC Support

    and

    suEXEC Module
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    PHPSuExec allows PHP-CGI to operate without needing to modify scripts. Most PHP applications are written under the assumption PHP is used as an Apache module, not CGI. To operate with PHP-CGI, all PHP scripts need the #!/usr/bin/php (or whatever your path tot he cgi binary is) added as the first line of the script. PHPSuExec takes a PHP Script and adds that line on the fly (it doesn't actually modify the physical file, only in memory).

    PHPSuexec and suExec help tighten security by performing a series of 20 or more security checks before executing the script (permissios, ownership and more are checked). That is the primary purpose of the suExec module: to enhance security.

    Thus the version of PHP doesn't matter when it comes to using suExec/PHPSuExec.

    PHPSuExec is for PHP Scripts only while suExec is for all.

    For more information, read the Apache documentation regarding suExec.
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Excellent answer. Thanks for clearing that up.
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Where is the world did you get the idea that PHP 5.x "already runs as a CGI"? :D

    PHP 5.x is no different that PHP 4.x as far as the different ways to install it
    and can be run either as an Apache module or as a CGI!

    Which way you run for any PHP version depends on the specific configure options
    that you use when you compile PHP!

    Those are 2 totally different things and you need both --

    SuExec will execute CGI scripts such as those written in Perl and Python as the account
    owner name instead of as the generic user nobody. Has no bearing on PHP scripts.

    phpSuExec will execute PHP scripts as the account owner in much the same way as what
    SuExec does for other script types.

    (NOTE: A replacement for phpSuExec is available that is actually far superior to phpSuExec
    called SuPHP but only works with Apache 2.x and just recently Apache 2.2.x )

    Well if security is your concern then you just blew it regarding PHP as there is a major
    security problem with all versions of PHP up to and including PHP v5.1.6.

    The only version of PHP known not to have this specific problem is PHP v5.2.0
     
  5. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    ... which is not compatible with Invision Board, vBulletin and many others.

    I guess I'll continue blowing it for a while longer. Thanks for your response.
     
  6. deastwood

    deastwood Member

    Joined:
    Sep 22, 2006
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    i believe that is due to the lack of zend support but now there is an updated version of zend you should update that then you can update to 5.2.0 with no problems for the softwate mentioned
     
Loading...

Share This Page