I guess it'd be too complicated to ask for mod_env and suEXEC to cooperate, so if a user deliberately sets PERL5LIB in a .htaccess file, suEXEC passes it to the Perl CGI? From what you say, I guess this still violates the suEXEC security model, where the suEXEC suid tool is designed to protect the user from compromised Apache / mod_env... In my case I'm not worried about PERL5LIB, so I wish suEXEC were configurable, like suPHP Thanks, Jack
Attachment:
signature.asc
Description: This is a digitally signed message part