Bug#426426: suEXEC and SetEnv

2008-03-23 Thread Jack Bates
On Sat, 2008-03-22 at 15:12 +0100, Stefan Fritsch wrote:
> On Monday 18 February 2008, Jack Bates wrote:
> > I guess it'd be too complicated to ask for mod_env and suEXEC to
> > cooperate, so if a user deliberately sets PERL5LIB in a .htaccess
> > file, suEXEC passes it to the Perl CGI?
>
> This

Bug#426426: suEXEC and SetEnv

2008-03-22 Thread Stefan Fritsch
On Monday 18 February 2008, Jack Bates wrote:
> I guess it'd be too complicated to ask for mod_env and suEXEC to
> cooperate, so if a user deliberately sets PERL5LIB in a .htaccess
> file, suEXEC passes it to the Perl CGI?

This would require suexec to parse .htaccess files. This is not something

Bug#426426: suEXEC and SetEnv

2008-02-18 Thread Jack Bates
I guess it'd be too complicated to ask for mod_env and suEXEC to cooperate, so if a user deliberately sets PERL5LIB in a .htaccess file, suEXEC passes it to the Perl CGI? From what you say, I guess this still violates the suEXEC security model, where the suEXEC suid tool is designed to protect the