On Tue, Dec 06, 2005 at 01:49:15AM -0500, Eli wrote:
> Yes - no control in the sense that I don't have anywhere near the time to
> audit every script uploaded to a shared web server. However, they cannot
> modify the environment variables that Apache puts in place if I'm not
> mistaken, which is why I only rely on those environment variables, and
> nothing else. So far, I've had a perfect success rate - my only issue is
> with PHP since I can only track the domain by injecting it to the php config
> as shown in the originally quoted email back many days ago.
The process that calls the exec(2) has full control over the environment.
What is difficult about this?
http://www.opengroup.org/onlinepubs/009695399/functions/exec.html
This is OT for this list now.
Cheers
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
(Please use this address to reply)
