> Definitely a valid argument, but I don't see why these same concerns > shouldn't apply to running PHP scripts, which are just as capable of causing > damage and using the env variables maliciously as Perl scripts.
That is true, however suPHP filters some environment variables (in particular PHPRC and LD_LIBRARY_PATH) that might be problematic for PHP. The difference between suPHP and suExec is that suPHP uses a black-list and suExec a white-list. If you do not know which kind of executables is run, a black-list obviously is the better approach. _______________________________________________ suPHP mailing list [email protected] https://lists.marsching.com/mailman/listinfo/suphp
