On Sun, Sep 27, 2009 at 03:10:51PM +0200, frantisek holop wrote:
> hmm, on Sun, Sep 27, 2009 at 01:58:49PM +1000, Damien Miller said that
> > why not just fix mod_php? (or avoid it altogether)
>
> if you read about this on other lists where people brought it up, some
> argue that this is a feature
hmm, on Sun, Sep 27, 2009 at 01:58:49PM +1000, Damien Miller said that
> why not just fix mod_php? (or avoid it altogether)
if you read about this on other lists where people brought it up, some
argue that this is a feature, and so there is "nothing to fix".
perhaps this is something suhosin could
why not just fix mod_php? (or avoid it altogether)
On Sat, 26 Sep 2009, frantisek holop wrote:
> hi there,
>
> given that apache is often re-started using apachectl
> and that apache/mod_php leaks environment variables
> and that mostly sudo is used in this process as well,
> i thought it would
hi there,
given that apache is often re-started using apachectl
and that apache/mod_php leaks environment variables
and that mostly sudo is used in this process as well,
i thought it would make good security sense to start
httpd with env -i so that the admin's environment doing
the restart is not
4 matches
Mail list logo
