Date: Wed, 27 Apr 2016 09:05:46 +0200 From: Niklaas Baudet von Gersdorff <stdin@niklaas.eu> To: freebsd-questions@freebsd.org Subject: Re: Why is www's $PATH only /usr/bin:/bin? Message-ID: <20160427070546.GB31481@box-fra-01.niklaas.eu> In-Reply-To: <46778.128.135.52.6.1461705358.squirrel@cosmo.uchicago.edu> References: <20160426194048.GA31481@box-fra-01.niklaas.eu> <46778.128.135.52.6.1461705358.squirrel@cosmo.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Valeri Galtsev [2016-04-26 16:15 -0500] : > You can have $cmd containing full absolute path to the command bewith > leading slash, say: >=20 > /usr/local/bin/yourcommand >=20 > then it should work (unless daemon runs chrooted, then you need to > have copied of all these in chrooted environment). Having daemons > exposed to external world able access as minimum of things as > necessary would be a good security practice. I thought about that too. I am trying to run some webapp based on PHP that uses shell_exec to figure out where to find the program in question. I don't want to make changes upstream, so I thought about making changes to FreeBSD itself. I had a look at /etc/login.conf and started wondering why $PATH is not set properly. Thanks for the security advice. I am quite concerned about that too. The webserver is running in a jail, ingoing and outgoing network connection limited. It's only for personal use so access rather restricted.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160427070546.GB31481>