Quite a few users still depend on this and are getting it from untrusted sources. Its security track record is actually pretty good still. SuPHP is still the simplest solution for shared hosting. Other vendors still provide this as well.

- Add a pkg-message explaining the situation and advising users to move away from this if possible.
- Stage
- Take maintainership
16 lines
584 B
Text
SuPHP has no upstream maintainer and thus is not actively having
bugs and security issues addressed.

Its security track record is pretty good. The worst so far has been
privilege escalation to the httpd user, which is no worse than not
using SuPHP.

It is advisable to convert your system to PHP-FPM if possible.

The port maintainer's thoughts on sandboxing PHP are here:

http://blog.shatow.net/post/2013-07-17-sandboxing-php-part1.markdown

An overview of using PHP-FPM for application sandboxing is here:

http://blog.shatow.net/post/2013-11-27-sandboxing-php-part2.markdown
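
Review bot: the track-record paragraph ("The worst so far has been privilege escalation to the httpd user") is undated, and with no upstream maintainer a reader who installs this later cannot tell how current that assessment is; consider stating the date or port version it was written against. The opening sentence would read more clearly as "so bugs and security issues are not being actively addressed". The PHP-FPM advice also rests entirely on two http:// links to an external blog, so a one-line statement in the message itself of what the migration gives the user would keep it useful if those links stop resolving.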