[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

passing environment to apache : solution ?



Hi there,

About #252627, I perfectly understand the problem leaking env represents.

However, it is sometimes necessary to pass environment variables to apache.

The common case is the use of php+oci8 binding : you have to pass ORACLE_HOME to apache if you want to run php as a module (using SetEnv is only possible if php runs as cgi)

The solution I use is the small attached patch to /etc/init.d/apache.

It provides a way to pass environment variables via /etc/default/apache, if it exists.

A real world example is attached as well

This way, the administrator is responsible and has full control over apache environment if he needs to, which I think is an important thing (administrators should be able to choose what information they want/have to leak).

Of course, this file would'nt pass anything by default and contain a clear warning as comment.

Please, consider this compromise.

Best regards,

--
Clément 'nodens' Hermann <clement.hermann@free.fr>
- L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?
-- Jean in "l'Histoire des Pingouins" - http://tnemeth.free.fr/fmbl/linuxsf
--- /etc/init.d/apache.orig	Fri Aug 13 10:56:19 2004
+++ /etc/init.d/apache	Fri Aug 13 10:55:12 2004
@@ -21,6 +21,9 @@
 # ensure we don't leak environment vars into apachectl
 APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL"
 
+# custom environment is in /etc/default/apache
+[ -f /etc/default/apache ] && . /etc/default/apache
+
 if egrep -q -i "^[[:space:]]*ServerType[[:space:]]+inet" $CONF
 then
     exit 0
# /etc/default/apache
# This file is intended as a way to pass environment variables
# to apache.
# WARNING : you should be *very* cautious when adding
# new environment variable. This could lead to an 
# important information leak.

# Passing ORACLE_HOME to apache is required to 
# use php-oci8 bindings with php as an apache module
export ORACLE_HOME=/home/oracle/OraHome1

Reply to: