passing environment to apache : solution ?
Hi there,
About #252627, I perfectly understand the problem leaking env represents.
However, it is sometimes necessary to pass environment variables to apache.
The common case is the use of php+oci8 binding : you have to pass
ORACLE_HOME to apache if you want to run php as a module (using SetEnv
is only possible if php runs as cgi)
The solution I use is the small attached patch to /etc/init.d/apache.
It provides a way to pass environment variables via /etc/default/apache,
if it exists.
A real world example is attached as well
This way, the administrator is responsible and has full control over
apache environment if he needs to, which I think is an important thing
(administrators should be able to choose what information they want/have
to leak).
Of course, this file would'nt pass anything by default and contain a
clear warning as comment.
Please, consider this compromise.
Best regards,
--
Clément 'nodens' Hermann <clement.hermann@free.fr>
- L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?
-- Jean in "l'Histoire des Pingouins" - http://tnemeth.free.fr/fmbl/linuxsf
--- /etc/init.d/apache.orig Fri Aug 13 10:56:19 2004
+++ /etc/init.d/apache Fri Aug 13 10:55:12 2004
@@ -21,6 +21,9 @@
# ensure we don't leak environment vars into apachectl
APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL"
+# custom environment is in /etc/default/apache
+[ -f /etc/default/apache ] && . /etc/default/apache
+
if egrep -q -i "^[[:space:]]*ServerType[[:space:]]+inet" $CONF
then
exit 0
# /etc/default/apache
# This file is intended as a way to pass environment variables
# to apache.
# WARNING : you should be *very* cautious when adding
# new environment variable. This could lead to an
# important information leak.
# Passing ORACLE_HOME to apache is required to
# use php-oci8 bindings with php as an apache module
export ORACLE_HOME=/home/oracle/OraHome1
Reply to: