Hosting Provided By

Bug#426426: suEXEC and SetEnv

From: Jack Bates <ms419(at)freezone.co.uk>
Date: Mon Feb 18 2008 - 17:25:26 EST

I guess it'd be too complicated to ask for mod_env and suEXEC to cooperate, so if a user deliberately sets PERL5LIB in a .htaccess file, suEXEC passes it to the Perl CGI?

From what you say, I guess this still violates the suEXEC security model, where the suEXEC suid tool is designed to protect the user from compromised Apache / mod_env...

In my case I'm not worried about PERL5LIB, so I wish suEXEC were configurable, like suPHP

Thanks, Jack

-- 
To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


application/pgp-signature attachment: This is a digitally signed message part

Received on Mon Feb 18 17:33:23 2008

This message: [ Message body ]
Next message: Bernhard Kuemel: "Bug#466531: apache2: config file error message does not specify config file containing the error"
Previous message: Stefan Fritsch: "Bug#466369: apache2: apr_sock_info_get() failed for domain."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 03:01:09 EDT