https://issues.apache.org/bugzilla/show_bug.cgi?id=46716
Matus "fantomas" Uhlar <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #4 from Matus "fantomas" Uhlar <[email protected]> 2011-06-30 06:56:34 UTC --- The need for avoiding privilege escalation vulnerability is exactly the reason why I set TMPDIR to "arbitrary" values in virtual hosts (different for each vhost). The only one who can set TMPDIR is the one who configures and/or executes apache process, and that person is able to disrupt security much more than by setting TMPDIR, which is way NOT to disrupt it. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
