suphp: distinguish between script owner and process owner
Tuesday, 5 March 2013This is a re-post of my mail to the suphp mailing list. Although the behaviour described here is a serious design issue, I've never got any feedback.
The attached patch is some kind of "proof of concept" to solve a security related problem I have with suPHP.
Problem: Run script with file/directory owner threatens the user's files.