On Sun, Sep 27, 2009 at 03:10:51PM +0200, frantisek holop wrote:
> hmm, on Sun, Sep 27, 2009 at 01:58:49PM +1000, Damien Miller said that
> > why not just fix mod_php? (or avoid it altogether)
>
> if you read about this on other lists where people brought it up, some
> argue that this is a feature, and so there is "nothing to fix".
> perhaps this is something suhosin could address, but it doesn't..
>
> i'd be much happier if it was more like mod_perl exporting only PATH an
> TZ and needing explicit directives for the perl handler regarding the
> env if this is the desired outcome.
>
> but even this is not perfect: if i start apache using sudo, that PATH
> will still be my user's path. i dont think that'swhat the admin
> intended (with the default sudo configuration). so even in this case
> i think env(1) is a good idea...
>
> i don't know what all the mod_${SCRIPTING_LANGUAGE}'s do, but with
> env(1) i don't have to care really becuase the majority of the
> cms', wikis and all the other stuff don't use env variables at all
> anyway. so i am not giving it to them.
>
>
> by avoiding mod_php, do you mean to use fastcgi or something like that?
> or avoid php as such? because php-fastcgi does the same of course.
> ditching php altogether is quite out of question at the moment i am
> afraid.
>
Switch to suPHP?
>
> -f
> --
> i don't have a solution but i really admire the problem.
>
>
--
--
