Rack911 patch works fine as-is on 2.2.22 through 2.2.24. The files it patches are the same between those versions.
Is there a way to downgrade from Apache 2.2.24 to Apache 2.2.23?
Because EasyApache doesn't provide Apache 2.2.23 in the suggested Apache versions.
And I want to continue to use the Rack911 patch on Apache 2.2.23, because it seems that the Rack911 patch does not work on Apache 2.2.24.
Thanks a lot
Unless something changed [and I haven't checked in the past month], the patch "as is" doesn't work on 2.2.24 even though it's patching the same file. That's because the patch references the 2.2.23 directory. If the patch is not downloaded and the directory references changed to 2.2.24, the patch will not complete if you're compiling 2.2.24 with EA.
Rack911 patch works fine as-is on 2.2.22 through 2.2.24. The files it patches are the same between those versions.
Must be a new patch compared to the one originally used on 2.2.22, because back when 2.2.23 came out the patch did not work on 2.2.23 without editing. Although one would never know it unless they specifically checked the EA build log to see that it didn't patch.
The patch uses the -p1 flag, so it ignores paths up to the first /
Editing it works, but is unnecessary.
Hi mtindor,
If I'm understanding you correctly, you're saying the Symlink [Rack911] patch doesn't apply at all on Apache 2.2.24 without modification?
I'm unable to duplicate that issue.
If I'm understanding you correctly, could you submit a ticket to support, then let me know the ticket id?
Thanks
Which patch you use is up to you. The Rack911 works regardless of PHP handler, the cPanel patch will give you problems if you're not using SuPHP.
So quickly scanning this thread and others on this topic on the net, I get conflicting views on this.
One says cPanel has implemented a patch, yet in some recent posts here in the thread cPanel staff say to use the Rack911 patch.
So which is it, and why didn't cPanel patch this long ago?
Turning FollowSymlinks into SymlinksIfOwnerMatch would likely not be sufficient to fully address this problem as there is a period between when the owner is checked and the file is served that can be attacked. It might be good enough for your needs though.
The rack911 patch turns FollowSymlinks into SymlinksIfOwnerMatch. I personally much prefer that patch, and it has served me well on hundreds of servers.
If you are concerned, you might be better off upgrading to 11.38 and turning on apache jails so that each vhost runs inside its own chroot() which makes this problem moot.
I run DSO and MOD_RUID2 so that all files are owned by the user, and executed as such too.
When enabled the user will only see what they see in jailshell. They won't be able to see any of the other users on the system home dirs.
Hi Nick,
To be clear, does Apache Jails fix "the period between when the owner is checked and the file is served" or the entire overlying symlink issue?
Is this a new option? Where can I find it to enable for suphp?
...you might be better off upgrading to 11.38 and turning on apache jails so that each vhost runs inside its own chroot() which makes this problem moot.