Dear Sebastian,
Am 04.07.2014 13:20, schrieb Sebastian Marsching:
Definitely a valid argument, but I don't see why these same concerns
shouldn't apply to running PHP scripts, which are just as capable of
causing
damage and using the env variables maliciously as Perl scripts.
That is true, however suPHP filters some environment variables (in
particular PHPRC and LD_LIBRARY_PATH) that might be problematic for
PHP.
The difference between suPHP and suExec is that suPHP uses a
black-list and suExec a white-list. If you do not know which kind of
executables is run, a black-list obviously is the better approach.
I am using suPHP and it works just fine. I'm happy with it. Except the
fact that there is this irreproducible bug that I don't know how to
debug. It would be REALLY helpful if you could drop a statement under
which conditions this error occurs.
Thanks in advance,
Helmuth
_______________________________________________
suPHP mailing list
[email protected]
https://lists.marsching.com/mailman/listinfo/suphp
