httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: [users@httpd] Problems w/ suExec
Date Tue, 04 Nov 2003 21:47:45 GMT
* "Stine, Matt" <Matt.Stine@stjude.org> wrote:

> Insecure $ENV{PATH} while running setuid at
> /home/web/html/Pise/tmp/revseq/A26756106797792/script line 121.
>  
> My first question would be:  Is this an error message related to suExec?

No. It's from perl, which was started in taint-checking mode. In this mode you
have to set ENV{PATH} to a fixed and trusted value (besides other things). See
`perldoc perlsec` for details.

nd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message