hallo, just wondering why the PATH variable changes after reloading the printenv script? Example: i requested http://localhost/cgi-bin/printenv i got lots of stuff back including: PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin reload the browser: PATH = /sbin:/bin:/usr/sbin:/usr/bin reload again: PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin moreover the PATH does not change consistently after each reload. it is on suse 6.1: SERVER_SOFTWARE = Apache/1.3.6 (Unix) (SuSE/Linux) PHP/3.0.7 mod_perl/1.19 mod_ssl/2.2.8 SSLeay/0.9.0b is that a security feature :) -alexm the bandwidthwaister
On Sat, 8 Apr 2000, alex medvedev wrote:
hallo,
just wondering why the PATH variable changes after reloading the printenv script? Example: i requested http://localhost/cgi-bin/printenv i got lots of stuff back including: PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin reload the browser: PATH = /sbin:/bin:/usr/sbin:/usr/bin reload again: PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin moreover the PATH does not change consistently after each reload.
Apache's threads seem to have different opinions of PATH. The inconsistency can be explained by the fact that _not_ the same thread serves every invocation of clients request. WHY the threads have different PATH is more interesting, but I can't explain that. Maybe there is a way to fiddle with apache's thread's PATH? If so, is there a way to execute other commands? -Pete
it is on suse 6.1: SERVER_SOFTWARE = Apache/1.3.6 (Unix) (SuSE/Linux) PHP/3.0.7 mod_perl/1.19 mod_ssl/2.2.8 SSLeay/0.9.0b is that a security feature :)
-alexm the bandwidthwaister
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (2)
-
alex medvedev
-
Petri Sirkkala.