Bug#229653: apache: /etc/init.d/apache still leaking environment
Package: apache
Version: 1.3.26-0woody3
Severity: important
Tags: security patch
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux <hostname> 2.4.18 #5 Mon May 5 13:56:33 CEST 2003 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages apache depends on:
ii apache-common 1.3.26-0woody3
ii dpkg 1.9.21
ii libc6 2.2.5-11.2
ii libdb2 2:2.7.7.0-7
ii libexpat1 1.95.2-6
ii logrotate 3.5.9-8
ii mime-support 3.18-1
ii perl 5.6.1-7
ii perl [perl5] 5.6.1-7
Description:
When I start or restart apache later than boot time using /etc/init.d/apache,
the environment is leaking into the web server process. The point to fix this
problem is already found in the script, but unfortunately not properly
implemented.
Debian SID seems also to be affected.
Ingo Schramm
Patch:
22a23
> ENV="env -i LANG=${LANG} PATH=${PATH}"
32c33
< start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON
---
> $ENV start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON
48c49
< start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON
---
> $ENV start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON
--
Ister.ORG
mailto:info@ister.org
http://www.ister.org
Reply to: