This is a re-post of my mail to the suphp mailing list. Although the behaviour described here is a serious design issue, I've never got any feedback.

The attached patch is some kind of "proof of concept" to solve a security related problem I have with suPHP.

Problem: Run script with file/directory owner threatens the user's files.