alexmpycckue.org

• Next message: Petri Sirkkala.: "Re: [suse-security] cgi-bin/printenv"
• Previous message: Volker Kuhlmann: "Re: [suse-security] checking rpm integrity"
• Next in thread: Petri Sirkkala.: "Re: [suse-security] cgi-bin/printenv"
• Reply: Petri Sirkkala.: "Re: [suse-security] cgi-bin/printenv"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hallo,

just wondering why the PATH variable changes after reloading the printenv
script?
Example:
i requested http://localhost/cgi-bin/printenv
i got lots of stuff back including:
PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin
reload the browser:
PATH = /sbin:/bin:/usr/sbin:/usr/bin
reload again:
PATH = /bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin
moreover the PATH does not change consistently after each reload.
it is on suse 6.1:
SERVER_SOFTWARE = Apache/1.3.6 (Unix) (SuSE/Linux) PHP/3.0.7 mod_perl/1.19
mod_ssl/2.2.8 SSLeay/0.9.0b
is that a security feature :)

-alexm the bandwidthwaister

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com

• Next message: Petri Sirkkala.: "Re: [suse-security] cgi-bin/printenv"
• Previous message: Volker Kuhlmann: "Re: [suse-security] checking rpm integrity"
• Next in thread: Petri Sirkkala.: "Re: [suse-security] cgi-bin/printenv"
• Reply: Petri Sirkkala.: "Re: [suse-security] cgi-bin/printenv"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]