Processed: Re: Bug#230991: apache: Init script doesn't set PATH
Processing commands for [EMAIL PROTECTED]: > tags 229653 - woody moreinfo Bug#229653: apache: /etc/init.d/apache still leaking environment Tags were: moreinfo woody patch Tags removed: woody, moreinfo > merge 230991 229653 Bug#229653: apache: /etc/init.d/apache still leaking environment Bug#230991: apache: Init script doesn't set PATH Merged 229653 230991. > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Bug#230991: apache: Init script doesn't set PATH
tags 229653 - woody moreinfo merge 230991 229653 thanks Dupe of 229653, which is still present in unstable. Is being looked into. (I will test & submit a patch, probably tomorrow). --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl
Bug#230991: apache: Init script doesn't set PATH
Package: apache Version: 1.3.29.0.1-3 Severity: normal The Apache init script does not set the PATH variable to something sane like most other init scripts do. That way the PATH from the root user who started apache manually can leak into CGI scripts. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.21 Locale: LANG=C, LC_CTYPE=de_DE Versions of packages apache depends on: ii apache-common 1.3.29.0.1-3 Support files for all Apache webse ii debconf 1.4.8Debian configuration management sy ii dpkg1.10.18 Package maintenance system for Deb ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an ii libdb4.14.1.25-16Berkeley v4.1 Database Libraries [ ii libexpat1 1.95.6-6 XML parsing C library - runtime li ii libmagic1 4.07-2 File type determination library us ii libpam0g0.76-15 Pluggable Authentication Modules l ii logrotate 3.6.5-2 Log rotation utility ii mime-support3.24-1 MIME files 'mime.types' & 'mailcap ii perl [perl5]5.8.3-1 Larry Wall's Practical Extraction -- debconf information excluded