Author: Eli Date: To: exim-users Subject: RE: [exim] environment variable patch
Marc wrote:
> So you don't control the scripts that run on the machine?
> Well, you're pretty screwed, then -- with the env patch, they
> could just change the environment before calling sendmail, if
> they want to.
Yes - no control in the sense that I don't have anywhere near the time to
audit every script uploaded to a shared web server. However, they cannot
modify the environment variables that Apache puts in place if I'm not
mistaken, which is why I only rely on those environment variables, and
nothing else. So far, I've had a perfect success rate - my only issue is
with PHP since I can only track the domain by injecting it to the php config
as shown in the originally quoted email back many days ago.
> Unless someone knows how to use setenv(3) in their calling code. :)
I'm too lazy to be sure, but I would think that the CGI specified
environment variables shouldn't be deletable/changeable... But again,
haven't put much thought in to it.
> Um, please provide a signed consulting contract? I think
> I've given you plenty to go on.
You've described your ideas better now yes - no examples required any more
:)