Date: Mon, 15 Jun 2009 09:56:42 -0800 From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net> To: freebsd-questions@freebsd.org Cc: Paul Schmehl <pschmehl_lists@tx.rr.com>, "Philip M. Gollucci" <pgollucci@freebsd.org> Subject: Re: path for user www Message-ID: <200906150956.43085.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> In-Reply-To: <2A832F905771652089DDC019@utd65257.utdallas.edu> References: <alpine.BSF.2.00.0906151131390.34405@macos.cmi.ua.ac.be> <alpine.BSF.2.00.0906151404040.38025@macos.cmi.ua.ac.be> <2A832F905771652089DDC019@utd65257.utdallas.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 15 June 2009 06:29:13 Paul Schmehl wrote: > Why would you want to? You'd open yourself up to all sorts of potential > compromise paths. There's a reason why root's path is different from > normal users. Without forcing a PATH for apache, you open yourself up to exactly the things you're warning for, when you restart apache in multi-user. When using sudo apache would actually have the PATH of your normal user. Also, PATH for root is _not_ noticably different from normal users in a vanilla install. Only the path during rc(8) stage is sanitized, which is why you see a different path after reboot. Ideally, the apache port would install a path.env.default in the envvars.d directory and mention it's usage in pkg-message. -- Mel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906150956.43085.mel.flynn%2Bfbsd.questions>