why not just fix mod_php? (or avoid it altogether)

On Sat, 26 Sep 2009, frantisek holop wrote:
> hi there, > > given that apache is often re-started using apachectl > and that apache/mod_php leaks environment variables > and that mostly sudo is used in this process as well, > i thought it would make good security sense to start > httpd with env -i so that the admin's environment doing > the restart is not exposed for all the world to see... > > i am not going to restart my production machine for this > to make sure, but i guess root's environment is also leaked > when starting at bootup from /etc/rc. > > --- /usr/sbin/apachectl Sat Sep 26 21:04:28 2009 > +++ apachectl Sat Sep 26 21:06:57 2009 > @@ -25,7 +25,7 @@ > PIDFILE=/var/www/logs/httpd.pid > # > # the path to your httpd binary, including options if necessary > -HTTPD=/usr/sbin/httpd > +HTTPD="/usr/bin/env -i /usr/sbin/httpd" > # > # a command that outputs a formatted text version of the HTML at the > # url given on the command line. Designed for lynx, however other > > arguably, there could be some important env variables used > for modifying apache/php's behaviour but probably the admin > is aware of these and handles them accordingly, but i think > the default should be more conservative. > > -f > -- > i promise not to let it happen again - until next time.
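
Review bot: on the `+HTTPD="/usr/bin/env -i /usr/sbin/httpd"` line, `env -i` starts httpd with a completely empty environment, so PATH and any variable the server or PHP relies on are dropped along with the admin's own; the message acknowledges this, but the patch leaves no place to put them back. Consider listing the variables to keep explicitly after `-i` (env accepts `NAME=value` pairs before the command) so the default is a short allow-list rather than nothing. The comment above the assignment still describes HTTPD as "the path to your httpd binary, including options if necessary", but the value now begins with /usr/bin/env, so the comment should be updated, and any other place in the script that treats $HTTPD as a path to the binary should be checked. The change also only covers starts made through apachectl; the boot-time start from /etc/rc that the message mentions is not touched by it.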

