www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yoda <...@mail.haknich.dhis.org>
Subject Re: general/6600: phpinfo() returns a user environment
Date Thu, 28 Sep 2000 18:22:14 GMT
> Synopsis: phpinfo() returns a user environment
> State-Changed-From-To: open-closed
> State-Changed-By: fanf
> State-Changed-When: Thu Sep 28 00:41:05 PDT 2000
> State-Changed-Why:
> If you want apache to run with a clean environment, clean
> the environment when starting it. See env(1).
That's not the point; the point is the system environment shouldn't be
accessible from userspace PHP/CGI documents _at all_ as it is a large
security risk; not to mention that if the httpd is run as another user,
why is the environment saved in the first place?

View raw message