Date: Fri, 29 Apr 2016 08:06:31 +0200 From: Luca Ferrari <fluca1978@infinito.it> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Why is www's $PATH only /usr/bin:/bin? Message-ID: <CAKoxK%2B5QDtcHPZyVTwG2eUC2ncfLCwePaL=FsXHe1UQMdAbD3Q@mail.gmail.com> In-Reply-To: <20160429030038.GA83904@becker.bs.l> References: <20160426194048.GA31481@box-fra-01.niklaas.eu> <20160427120704.GA77440@becker.bs.l> <20160427133304.319a997b@gumby.homeunix.com> <20160428140606.246aaeb8@gumby.homeunix.com> <20160429030038.GA83904@becker.bs.l>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 29, 2016 at 5:00 AM, Bertram Scharpf <lists@bertram-scharpf.de> wrote: > A nice thing. Tried it. Thanks. May be a documentation bug > that I never heard about that. Could it turn out to be a > security hole (probably not)? > I don't think it is less secure than setting the environment for the apache user directly (init file, shell file, ecc). However, there is a risk: this is activating the path/environment for every application, while probably it is a better idea to set it up only for processes running a specific application (the OP PHP one). In other words, I would use this "trick" only for jailed daemons. Luca
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKoxK%2B5QDtcHPZyVTwG2eUC2ncfLCwePaL=FsXHe1UQMdAbD3Q>