On the other hand, those of us who are aware of this simply run their servers with commands like this:
# set up a known secure environment for the server
/usr/bin/env - \
    LOGNAME="www" \
    USER="$LOGNAME" \
    PATH="/usr/local/bin:/usr/bin:/bin" \
    HOME="$dir" \
    BLOCKSIZE=1024 \
    NAME="Arctic Web Account" \
    ORGANIZATION="Arctic Gaming" \
    SHELL="/bin/sh" \
    $dir/bin/httpd -d $dir < /dev/null >/dev/null 2>&1 &

I would -1 any change which deleted PATH.

Dean

On 13 Apr 1997, Paul Richards wrote:

> Marc Slemko <[EMAIL PROTECTED]> writes:
>
> > On Sat, 12 Apr 1997, P. Alejandro Lopez-Valencia wrote:
> >
> > > The use of a modified environment PATH is not reflected in the
> > > actual $PATH passed to the CGI. It may constitute a security hole
> > > as the $PATH used is that of the owner of the parent process (root).
> >
> > What do you mean "modified path"? Who is modifying it? The path should
> > be that in effect when the server was started, or some default path if
> > there was none. Generally root's path is reasonably restrictive; if you
> > wish to modify it you should be able to use SetEnv or change the path
> > before you start httpd.
>
> We recently ran into this at work. I don't see any reason to pass the
> $PATH onto scripts at all. Any scripts that depend on the $PATH aren't
> written robustly enough and should be corrected to not rely on the
> server's environment.
>
> Most security breaches are due to admin error so as far as possible
> programs should take this into account.
>
> --
> Dr Paul Richards, Originative Solutions Ltd.
> Internet: [EMAIL PROTECTED]
> Phone: 0370 462071 (UK Mobile)
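
Added example, not part of the original thread and not Apache's own code: a pre-start check for the PATH that httpd will hand down to CGI children, plus a helper that shows what a child started from an emptied environment actually inherits. The function names path_is_safe and scrubbed_env and the SERVER_PATH variable are assumptions made for this sketch; env -i is the POSIX spelling of the "env -" used in the post.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample values are constructed.

# path_is_safe PATH_STRING
# Succeeds only if every element is an absolute path and no existing element
# is writable by group or other. The body runs in a subshell, so the IFS and
# globbing changes (and the "exit" calls) stay local to the function.
path_is_safe() (
    case "$1" in
        ""|:*|*:|*::*) exit 1 ;;      # an empty element means "current directory"
    esac
    IFS=:
    set -f                            # no filename expansion while splitting
    for d in $1; do
        case "$d" in
            /*) ;;                    # absolute element: keep checking
            *)  exit 1 ;;             # "." or any other relative element
        esac
        [ -d "$d" ] || continue
        # Characters 6 and 9 of the ls mode string are the group/other write
        # bits; -L reports on the target when the element is a symlink.
        mode=$(ls -ldL "$d" | cut -c1-10)
        case "$mode" in
            ?????w????|????????w?) exit 1 ;;
        esac
    done
    exit 0
)

# scrubbed_env PATH_STRING
# Start a child from an emptied environment, as the post's command does, and
# print exactly what that child (and any CGI it spawns) would inherit.
scrubbed_env() {
    env -i LOGNAME="www" PATH="$1" /usr/bin/env
}

SERVER_PATH="/usr/local/bin:/usr/bin:/bin"   # PATH value from the post
if path_is_safe "$SERVER_PATH"; then
    scrubbed_env "$SERVER_PATH"
else
    echo "refusing to start: unsafe PATH element in $SERVER_PATH" >&2
fi
```

Nonexistent PATH elements pass the permission check here; a stricter variant could reject them as well.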