From owner-freebsd-questions@freebsd.org Fri Apr 29 06:06:34 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C55C2B20A8B for ; Fri, 29 Apr 2016 06:06:34 +0000 (UTC) (envelope-from fluca1978@gmail.com) Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DF94168D for ; Fri, 29 Apr 2016 06:06:34 +0000 (UTC) (envelope-from fluca1978@gmail.com) Received: by mail-wm0-x22d.google.com with SMTP id e201so13986941wme.0 for ; Thu, 28 Apr 2016 23:06:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to; bh=Ma5L6HROMz4AyA9AwkN1oWZGBYJi6IDpc80+pMbtjEc=; b=PR8ZLNaKeSQ99a5NUYuFwr6KuMREFc940LwCssFPSNCgSoPWPDahdCpP6lE+sxdZq6 OF6RQ9ncXGXiQom8k6zoXbg+BCqd0EbInSaIU1WijY8dpwuESOmh1oHkBv+Gk6RY28RR +XmnwF4l/O7ZfZcv3iecwwhSJwsP4kkOtlnFia4F2g+yXLd4kLLtBFaPaPOvMXxDp1gi mnVhbbwZon6pf2XBW5DU0uqmi4ey+t/yD6KTxmuIMuyaA/n37gl6Yn5wdCE5V5kjQwNr vsk8W2l1QArml7bvtZxdEDGQOb9lFQbKcA53H4jLYgQcltsi0JFSksPdI2cp/ceo+ZtS acaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to; bh=Ma5L6HROMz4AyA9AwkN1oWZGBYJi6IDpc80+pMbtjEc=; b=VA/h6qF6mcfPr2xythkh414aU5rB7+hUNu7EynDpEjvVjv5Yll8uDn+v1I5mXW8oj+ ZTbtUbIP8hQpFBs8fg+y9aaVOI2X98yFlP+hGXC2+hThSs9G65bkcwJhazC+hDSDxfAf Y4p5pqvRq5Wu6cc1NB+YuF3Kt0kbViw0MIcznHIxKzJHxAxRGnpLwygIxe7X9VM5hBGs PFCaTc9ptMXothR5lVXVag3v2vm5NwM4cqwzryr7yKujkwsEPiI97jWKmT03lMzixKz5 Xzx5IZG2Z+T458dV3sVs7t/6da1X+rPYPYYaRGaFu/YOekIhG6tM8Kdn0XSitZZn6/nT 7bkw== X-Gm-Message-State: AOPr4FVmtb0iOZXP5wFp3mmibpcllwSwhvYzcsN31q4mt+yIF/mHA0D8N/vV5Kh92PWbdxW4TmCKOqN4GwwWrg== MIME-Version: 1.0 X-Received: by 10.28.135.204 with SMTP id j195mr1655935wmd.65.1461909991966; Thu, 28 Apr 2016 23:06:31 -0700 (PDT) Sender: fluca1978@gmail.com Received: by 10.195.8.133 with HTTP; Thu, 28 Apr 2016 23:06:31 -0700 (PDT) In-Reply-To: <20160429030038.GA83904@becker.bs.l> References: <20160426194048.GA31481@box-fra-01.niklaas.eu> <20160427120704.GA77440@becker.bs.l> <20160427133304.319a997b@gumby.homeunix.com> <20160428140606.246aaeb8@gumby.homeunix.com> <20160429030038.GA83904@becker.bs.l> Date: Fri, 29 Apr 2016 08:06:31 +0200 X-Google-Sender-Auth: SUQ9Z_279HAIBAvIYujISzVkuXo Message-ID: Subject: Re: Why is www's $PATH only /usr/bin:/bin? From: Luca Ferrari To: freebsd-questions Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2016 06:06:34 -0000 On Fri, Apr 29, 2016 at 5:00 AM, Bertram Scharpf wrote: > A nice thing. Tried it. Thanks. May be a documentation bug > that I never heard about that. Could it turn out to be a > security hole (probably not)? > I don't think it is less secure than setting the environment for the apache user directly (init file, shell file, ecc). However, there is a risk: this is activating the path/environment for every application, while probably it is a better idea to set it up only for processes running a specific application (the OP PHP one). In other words, I would use this "trick" only for jailed daemons. Luca