httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hiten pandya <>
Subject regarding mod_env.c (PR#370)
Date Thu, 01 Jan 1970 00:00:00 GMT
hi all,

i found the PR#370 for solving ...

regarding the $PATH variable, jus' wondering, are all the 
environment variables coming right out of the shell the user is 
logged on through, i got this wild bit of code in the file:

 name = ap_getword_conf(cmd->pool, &arg);
 value = ap_getword_conf(cmd->pool, &arg);

this could possibly lead to a security risk.. dont you guys think?

i think we should provide a function which can modify the 
value of the $PATH and other major environment variables 
through the httpd.conf file, which should possible 99.9% 
remove the insecurity.


Hiten Pandya

Free E-mail - Lycos UK -
Get your domain for £9.90 -
Play now to win £1 Million -

  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message