I've analyzed the setup of three distinct hosting providers and they all had suPHP and PERL handlers ... active and running concurrently.
For the moment, my best guess is that
only suPHP shouldn't be used for CGI.
Quote:
|
If one uses the regular PHP CGI binary, all scripts are run using the rights of the server (limited damage if files have 0644) but, in case of suPHP, the CGI binary runs the scripts using the owner's privileges (unlimited access in the user's home).
|
The worst scenario would be a
local file exposure, that is, one might create a script for the suPHP CGI binary, place it in cgi-bin and be able to modify files which otherwise couldn't be modified.
Please correct me if I'm wrong.