Definitely a valid argument, but I don't see why these same concerns
shouldn't apply to running PHP scripts, which are just as capable of
causing damage and using the env variables maliciously as Perl scripts.
On 7/3/14, 7:03 AM, Sebastian Marsching wrote:
Am 03.07.2014 um 12:32 schrieb Joe Gillotti <[email protected]>:
Not many people are completely aware of this but suPHP also works for executing
one-off CGI scripts/binaries (I.E. not php) and can take the place of suexec.
I seriously recommend not to use suPHP as a replacement for suExec. suPHP does
not have the same strict filtering of environment variables that suExec has, so
that there might be security issues (e.g. if running Perl scripts).
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
