I know the topic of using phpsuexec or not has been discussed several times, but I rarely hear anything about suphp. I was just wondering what other people's opinions of it are. Are there any pros or cons for using one over the other? I tend to like suPHP better because you can turn it on for only one virtualhost. I'm not aware of a way to do this with phpsuexec. I suspect the reason phpsuexec is used more is because it is available in easyapache through cpanel.
I've been researching this for the last day or so. On one site I ran across, someone mentioned that phpsuexec is no longer being worked on, but suphp is. However, it doesn't seem like there's been an update to suphp since last July.
Is there a place to go to find out about phpsuexec... like a homepage? Haven't been able to locate it yet.
I use suphp in some places, and it works really well. It gives you an extra layer of security (if you trust the suid binary of course). It's also easy to run many different php versions, like 4 and 5 simultaneously (trivial patch required).
Downside is it needs to use the cgi version of php, which means it's going to be slower. One good thing is that you don't have to worry about compiling modules for apache each time a new php version comes out, just make a php binary, copy it over and you're set.
Anyways, back to actually saying anything about what you asked, I haven't tried phpsuexec, but suphp works really well. There isn't a lot of development going on with it at the moment though, I think the guy that wrote it is working on a complete rewrite that is going to take a lot of time before it's done.
I've only noticed load problems on phpsuexec servers that already had a bit of a load beforehand. I've seen implementations of php as a cgi with fastcgi for instance and eAccelerator (newer mmcache) which was really helpful in this instance. A lot of people would rather use the non cgi because it's much easier to implement those sorts of things.
As far as suPHP, I've not installed or tried it out in quite a while so I won't comment, but I remember reading that phpSuExec went EOL. Unless you're using cPanel (which still supports and will fix important bugs / issues if found in it), it's probably not a good idea to run that if indeed it still is EOL.
suphp is an alternative to phpsuexec. It is an Apache module that lets PHP scripts run as the owner of the script, instead of the web server. This offers many security and usability enhancements to the world of PHP web serving. Mainly, when users create and modify files in their directory with PHP scripts, they don't need to make those files world-writable! One drawback is that the suphp binary is setuid root, so an exploit for it could possibly allow an attacker to run arbitrary commands as root.
The suphp suid binary is based largely on Apache's suexec wrapper (which is also suid), but it has lots of suphp specific stuff in it too. There are no obvious exploits as far as I and many others can tell by looking it over, but I guess it's possible in theory. So concerns are valid, but have to be compared to many other security aspects that are more serious on a day to day scale, like exploits in common php scripts that can easily lead to a DoS, data corruption etc if running mod_php.
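An added example, not part of the thread and not code from suPHP or Apache: a sketch of the kind of ownership and permission checks that Apache's suexec documents in its security model, which a setuid wrapper applies before running a script as its owner. The result-code names, function names and the UID/GID floor of 100 are assumptions made for illustration; a real wrapper also validates the containing directory and drops privileges before exec.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and S_IF* under strict -std modes */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical result codes for this sketch. */
enum check_result {
    CHECK_OK = 0, ERR_STAT, ERR_NOT_REGULAR, ERR_ROOT_OWNED,
    ERR_UID_TOO_LOW, ERR_GID_TOO_LOW, ERR_WRITABLE_BY_OTHERS, ERR_SETID_BIT
};

/* Decide from stat data alone whether a script may run as its owner. */
enum check_result check_script(const struct stat *st, uid_t min_uid, gid_t min_gid)
{
    if (!S_ISREG(st->st_mode))             return ERR_NOT_REGULAR;
    if (st->st_uid == 0)                   return ERR_ROOT_OWNED;   /* never run as root */
    if (st->st_uid < min_uid)              return ERR_UID_TOO_LOW;  /* system account */
    if (st->st_gid < min_gid)              return ERR_GID_TOO_LOW;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return ERR_WRITABLE_BY_OTHERS;
    if (st->st_mode & (S_ISUID | S_ISGID)) return ERR_SETID_BIT;
    return CHECK_OK;
}

/* lstat() so a symlink is judged as a symlink, not as its target. */
enum check_result check_path(const char *path, uid_t min_uid, gid_t min_gid)
{
    struct stat st;
    if (lstat(path, &st) != 0) return ERR_STAT;
    return check_script(&st, min_uid, min_gid);
}

int main(int argc, char **argv)
{
    /* Constructed thresholds: refuse accounts below UID/GID 100. */
    const uid_t min_uid = 100;
    const gid_t min_gid = 100;
    int failed = 0;
    for (int i = 1; i < argc; i++) {
        enum check_result r = check_path(argv[i], min_uid, min_gid);
        printf("%s: %s (code %d)\n", argv[i], r == CHECK_OK ? "ok" : "refused", (int)r);
        failed |= (r != CHECK_OK);
    }
    return failed;
}
```

Run against the PHP files in a user's directory, it flags scripts that were left group- or world-writable, which is the permission the owner-based model makes unnecessary.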