hmm, on Sun, Sep 27, 2009 at 01:58:49PM +1000, Damien Miller said that
> why not just fix mod_php? (or avoid it altogether)
if you read about this on other lists where people brought it up, some
argue that this is a feature, and so there is "nothing to fix".
perhaps this is something suhosin could address, but it doesn't..
i'd be much happier if it was more like mod_perl exporting only PATH an
TZ and needing explicit directives for the perl handler regarding the
env if this is the desired outcome.
but even this is not perfect: if i start apache using sudo, that PATH
will still be my user's path. i dont think that'swhat the admin
intended (with the default sudo configuration). so even in this case
i think env(1) is a good idea...
i don't know what all the mod_${SCRIPTING_LANGUAGE}'s do, but with
env(1) i don't have to care really becuase the majority of the
cms', wikis and all the other stuff don't use env variables at all
anyway. so i am not giving it to them.
by avoiding mod_php, do you mean to use fastcgi or something like that?
or avoid php as such? because php-fastcgi does the same of course.
ditching php altogether is quite out of question at the moment i am
afraid.
-f
--
i don't have a solution but i really admire the problem.
