Why is www's $PATH only /usr/bin:/bin?

Luca Ferrari fluca1978 at infinito.it
Fri Apr 29 06:06:34 UTC 2016

On Fri, Apr 29, 2016 at 5:00 AM, Bertram Scharpf
<lists at bertram-scharpf.de> wrote:
> A nice thing. Tried it. Thanks. May be a documentation bug
> that I never heard about that. Could it turn out to be a
> security hole (probably not)?

I don't think it is less secure than setting the environment for the
apache user directly (init file, shell file, ecc).
However, there is a risk: this is activating the path/environment for
every application, while probably it is a better idea to set it up
only for processes running a specific application (the OP PHP one).
In other words, I would use this "trick" only for jailed daemons.


More information about the freebsd-questions mailing list