Date: Mon, 28 Jan 2019 09:31:44 +0000
From: bugzilla-noreply@freebsd.org
To: rc@FreeBSD.org
Subject: [Bug 235185] www/fcgiwrap: environment should be cleaned in /usr/local/etc/rc.d/fcgiwrap
Message-ID: <bug-235185-20181-juwPIYya4q@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235185-20181@https.bugs.freebsd.org/bugzilla/>
References: <bug-235185-20181@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235185

--- Comment #35 from Rodrigo Osorio <rodrigo@FreeBSD.org> ---
As the fcgiwrap port maintainer, this is my position:

1) If we can agree that starting services by invoking the scripts directly
(just like not using sysrc to update rc.conf) isn't wrong, it comes with
drawbacks and since this is not the 'recommended/standard' way to start a
service, users who decide to go that way should live with -no offense-.

2) The use of env -i when calling the fcgiwrap script doesn't come at no cost.
The daemon will be started with an empty PATH variable. If this has no
impact in many cases, I found a few that make the script fail.
The most problematic one is the 'which' command used by many CGI scripts
to discover if a command exists, and recover its full path. Run in a
'sanitized' environment, 'which' returns nothing even for base tools like ls.

Once again, I'm not against changing and improving tools but not at the cost
of a massive web-server failure on D+1 with an immediate rollback.
And I fully agree if someone wants to fix it at a higher level.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
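
The trade-off described in the comment above, as an added example that is not part of the original message and is not code from the fcgiwrap port or rc.subr: a bare `env -i` hands the child no PATH at all, while `env -i` with an explicitly set PATH still drops inherited variables but keeps command lookups working. The names `SAFE_PATH`, `child_env`, `run_clean` and `LEAKY_VAR` and the directory list are assumptions made for the illustration.

```shell
#!/bin/sh
# Hypothetical helpers for illustration; not taken from the fcgiwrap port.

# Assumed minimal search path for the child. Adjust it to the directories
# the CGI scripts behind the daemon really need.
SAFE_PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"

# child_env [NAME=value ...]
# Print the names of the variables a child started through "env -i"
# receives, one per line. With no arguments nothing is printed: the
# environment is empty, PATH included.
child_env() {
    env -i "$@" /usr/bin/env | sed 's/=.*//'
}

# run_clean CMD [ARG ...]
# Start CMD with an emptied environment plus an explicit PATH, so that
# inherited variables are dropped but PATH-based lookups still resolve.
run_clean() {
    env -i PATH="$SAFE_PATH" "$@"
}

# Constructed stand-in for a variable inherited from an admin's login shell
# when the rc.d script is invoked directly.
LEAKY_VAR="inherited-from-login-shell"
export LEAKY_VAR

demo() {
    echo "variables after bare env -i : [$(child_env)]"
    echo "variables after env -i PATH : [$(child_env PATH="$SAFE_PATH")]"
    echo "ls resolved in clean child  : $(run_clean sh -c 'command -v ls')"
    echo "LEAKY_VAR in clean child    : [$(run_clean sh -c 'echo "${LEAKY_VAR-}"')]"
}

demo
```
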