hmm, on Sun, Sep 27, 2009 at 01:58:49PM +1000, Damien Miller said that
why not just fix mod_php? (or avoid it altogether)
if you read about this on other lists where people brought it up, some
argue that this is a feature, and so there is nothing to fix.
perhaps this is something suhosin could
is not exposed for all the world to see...
i am not going to restart my production machine for this
to make sure, but i guess root's environment is also leaked
when starting at bootup from /etc/rc.
--- /usr/sbin/apachectl Sat Sep 26 21:04:28 2009
+++ apachectl Sat Sep 26 21:06:57 2009
@@ -25,7 +25,7
good security sense to start
httpd with env -i so that the admin's environment doing
the restart is not exposed for all the world to see...
i am not going to restart my production machine for this
to make sure, but i guess root's environment is also leaked
when starting at bootup from /etc/rc
3 matches
Mail list logo