On 13 Apr 1997, Paul Richards wrote:
> Marc Slemko <[EMAIL PROTECTED]> writes:
>
> > On Sat, 12 Apr 1997, P. Alejandro Lopez-Valencia wrote:
> >
> > > The use of a modified environemt PATH is not reflected in the
> > > actual $PATH passed to the CGI. It may constitute a security hole
> > > as the $PATH used is that of the owner of the parent process (root).
> >
> > What do you mean "modified path"? Who is modifying it? The path should
> > be that in effect when the server was started, or some default path if
> > there was none. Generally root's path is reasonably restrictive; if you
> > wish to modify it you should be able to use SetEnv or change the path
> > before you start httpd.
>
> We recently ran into this at work. I don't see any reason to pass the
> $PATH onto scripts at all. Any scripts that depend on the $PATH aren't
> written robustly enough amd should be corrected to not rely on the
> server's environement.
I don't buy that. What if you are trying to write a generic script and
need to use ls? How are you supposed to magically know where to find it?
It is a great idea in principle, but means that many scripts have to be
changed for each server which isn't really a nice thing.
> Most security breaches are due to admin error so as far as possible
> programs should take this into account.
I do, however, agree with the concept of what you are saying (just not
sure it can be reasonably implemented...) and think that this should be:
- more clearly documented
- configurable
