www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: mod_env/370: Modified PATH environment variable is not passed, instead system's is used
Date Sun, 13 Apr 1997 15:08:02 GMT
On 13 Apr 1997, Paul Richards wrote:

> Marc Slemko <marcs@znep.com> writes:
> 
> >  On Sat, 12 Apr 1997, P. Alejandro Lopez-Valencia wrote:
> >  
> >  > The use of a modified environment PATH is not reflected in the
> >  > actual $PATH passed to the CGI. It may constitute a security hole
> >  > as the $PATH used is that of the owner of the parent process (root).
> >  
> >  What do you mean "modified path"?  Who is modifying it?  The path should
> >  be that in effect when the server was started, or some default path if
> >  there was none.  Generally root's path is reasonably restrictive; if you
> >  wish to modify it you should be able to use SetEnv or change the path
> >  before you start httpd.
> 
> We recently ran into this at work. I don't see any reason to pass the
> $PATH onto scripts at all. Any scripts that depend on the $PATH aren't
> written robustly enough and should be corrected to not rely on the
> server's environment.

I don't buy that.  What if you are trying to write a generic script and
need to use ls?  How are you supposed to magically know where to find it?
It is a great idea in principle, but means that many scripts have to be
changed for each server which isn't really a nice thing.

> Most security breaches are due to admin error so as far as possible
> programs should take this into account.

I do, however, agree with the concept of what you are saying (just not
sure it can be reasonably implemented...) and think that this should be: 

	- more clearly documented
	- configurable
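
Added example, not part of the original message: one way a generic CGI script can avoid trusting the `$PATH` inherited from httpd while still finding tools such as `ls` without hard-coded locations. The function names, the keep/drop policy and the fallback value are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Policy assumed here: keep only PATH entries that are absolute, exist as
# directories, and are not group- or world-writable.

# sanitize_path PATHSTRING -> prints the filtered, colon-separated PATH.
# The body runs in a subshell so the IFS and globbing changes stay local.
sanitize_path() (
    IFS=:
    set -f                          # do not glob-expand entries while splitting
    out=
    for dir in $1; do
        case $dir in
            /*) ;;                  # absolute entry: keep checking
            *)  continue ;;         # empty (means ".") or relative: drop
        esac
        [ -d "$dir" ] || continue   # nonexistent entry: drop
        # "command -p" finds ls via the system default PATH, not the
        # inherited one; -L follows symlinks such as /bin -> usr/bin.
        mode=$(command -p ls -ldL -- "$dir" 2>/dev/null) || continue
        case $mode in
            d????w*|d???????w*) continue ;;   # group- or world-writable: drop
        esac
        out=${out:+$out:}$dir
    done
    printf '%s\n' "$out"
)

# harden_cgi_path: call first in a CGI script, before running any command
# by bare name. The fallback value is a constructed default.
harden_cgi_path() {
    PATH=$(sanitize_path "${PATH:-}")
    [ -n "$PATH" ] || PATH=/usr/bin:/bin
    export PATH
}
```

A script that calls `harden_cgi_path` still runs `ls` by bare name, so it stays portable across servers, but an entry such as `.` or a world-writable directory in the server's startup environment no longer affects which binary is executed.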

