Synopsis: SuExec doesn't allow LD_LIBRARY_PATH to be a part of "safe_env_lst"

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Thu Jul 8 09:24:44 PDT 1999
State-Changed-Why:
The whole point of the restriction of what environment variables can be passed to CGIs is to stop things like LD_LIBRARY_PATH. It is a security hole to allow LD_LIBRARY_PATH to be passed through, because it means that if someone can get access to the UID that can run suexec then they can execute arbitrary (i.e. not just set CGIs) code as any user that suexec will use.
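
An added example, not part of the original message and not suexec's own code: an allowlist-based environment filter of the kind the reply describes, written in C. The allowlist contents, the SAFE_PATH value and the function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed allowlist for this example; not suexec's actual safe_env_lst. */
static const char *const allowed_exact[] = {
    "CONTENT_LENGTH", "CONTENT_TYPE", "QUERY_STRING", "REQUEST_METHOD", "TZ", NULL
};
static const char *const allowed_prefix[] = { "HTTP_", NULL };

/* Fixed PATH for the child (assumed value); the caller's PATH is never copied. */
static const char SAFE_PATH[] = "PATH=/usr/local/bin:/usr/bin:/bin";

static int name_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t n, i;
    if (eq == NULL || eq == entry)      /* malformed: no '=' or empty name */
        return 0;
    n = (size_t)(eq - entry);
    for (i = 0; allowed_exact[i]; i++)  /* whole-name match, so "TZX=" fails */
        if (strlen(allowed_exact[i]) == n && strncmp(entry, allowed_exact[i], n) == 0)
            return 1;
    for (i = 0; allowed_prefix[i]; i++) {
        size_t p = strlen(allowed_prefix[i]);
        if (n > p && strncmp(entry, allowed_prefix[i], p) == 0)
            return 1;
    }
    return 0;                           /* default deny: LD_* never gets through */
}

/* Returns a NULL-terminated array usable as envp for execve(), or NULL on
 * allocation failure. Entries point at the caller's strings; free() the array only. */
char **build_clean_env(char *const *envp)
{
    size_t count = 0, out = 0, i;
    char **clean;
    while (envp[count])
        count++;
    clean = calloc(count + 2, sizeof *clean);   /* room for SAFE_PATH and NULL */
    if (clean == NULL)
        return NULL;
    clean[out++] = (char *)SAFE_PATH;
    for (i = 0; i < count; i++)
        if (name_allowed(envp[i]))
            clean[out++] = envp[i];
    return clean;
}
```

Because the filter is default-deny, loader variables such as LD_LIBRARY_PATH are dropped without having to be named, which is why adding one to the allowlist undoes the protection.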