The single quotes around the argument of --with-suexec-safepath are wrong. I created this small CGI program: #!/bin/bash echo "Content-type: text/plain" echo "" set When run without suexec I see a line like this: PATH=/bin:/sbin:...:/usr/qt/3/bin When run through suexec I see this line instead: PATH=''\''/usr/local/bin:/usr/bin:/bin'\''' Is there any special reason why the safepath should not be user configurable? I guess there could be users who might wish to restrict the set of available interpreters for CGIs. As all other suexec settings seem configurable, why not this one as well?
(In reply to comment #0) > The single quotes around the argument of --with-suexec-safepath are wrong. > > I created this small CGI program: > > #!/bin/bash > echo "Content-type: text/plain" > echo "" > set > > When run without suexec I see a line like this: > PATH=/bin:/sbin:...:/usr/qt/3/bin > When run through suexec I see this line instead: > PATH=''\''/usr/local/bin:/usr/bin:/bin'\''' > > Is there any special reason why the safepath should not be user configurable? > I guess there could be users who might wish to restrict the set of available > interpreters for CGIs. As all other suexec settings seem configurable, why not > this one as well? Because I figured there's no way we could support stuff with custom SUEXEC_SAFEPATH settings (like insane ones), but /usr/sbin/suexec -V lists the variables nicely ... I have an ebuild ready, just need to check a couple of other things.
(In reply to comment #1) > Because I figured there's no way we could support stuff with custom > SUEXEC_SAFEPATH settings (like insane ones), but /usr/sbin/suexec -V lists the > variables nicely ... > > I have an ebuild ready, just need to check a couple of other things. Thank you Martin, I just committed a fixed ebuild to the tree.