RE: [exim] environment variable patch

Top Page
Delete this message
Reply to this message
Author: Eli
Date:  
To: exim-users
Subject: RE: [exim] environment variable patch
Marc wrote:

> So you don't control the scripts that run on the machine?
> Well, you're pretty screwed, then -- with the env patch, they
> could just change the environment before calling sendmail, if
> they want to.


Yes - no control in the sense that I don't have anywhere near the time to
audit every script uploaded to a shared web server. However, they cannot
modify the environment variables that Apache puts in place if I'm not
mistaken, which is why I only rely on those environment variables, and
nothing else. So far, I've had a perfect success rate - my only issue is
with PHP since I can only track the domain by injecting it to the php config
as shown in the originally quoted email back many days ago.

> Unless someone knows how to use setenv(3) in their calling code. :)


I'm too lazy to be sure, but I would think that the CGI specified
environment variables shouldn't be deletable/changeable... But again,
haven't put much thought in to it.

> Um, please provide a signed consulting contract? I think
> I've given you plenty to go on.


You've described your ideas better now yes - no examples required any more
:)

Eli.