DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10449>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10449 suexec allows environment variables not in the safe list ------- Additional Comments From [EMAIL PROTECTED] 2003-02-19 19:58 ------- strlen doesn't work here, because the env array consists of enties ala "PATH=/foo/bar". But you're right, it's not really a security risk. But I'm pedantic ;-)) I found, however, <http://bugs.apache.org/index.cgi/full/2790> and I think, most of the stuff suggested there is worth to be patched. (the current problem is also described there - with the same solution, I proposed here 5 years later ;-) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
