Bug 25015 - Shell environment created by baselayout-1.8.6.8-r1 poses a potential security risk
Summary: Shell environment created by baselayout-1.8.6.8-r1 poses a potential security...
Status: RESOLVED DUPLICATE of bug 23736
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: x86 Linux
Importance: High major
Assignee: Martin Schlemmer (RETIRED)
Reported: 2003-07-21 17:12 UTC by James Hiscock
Modified: 2005-07-17 13:06 UTC
Description James Hiscock 2003-07-21 17:12:51 UTC
To ensure that my apache + mod_php setup works, I usually use the phpinfo()
function in an otherwise empty PHP file. After updating to
baselayout-1.8.6.8-r1, the "Environment" section of phpinfo()'s output is huge,
and can potentially reveal FAR more information about my system than I'd like.

Reverting to baselayout-1.8.6.7 removes the excessive environment output.

I'm not sure if this is related, but the /etc/init.d/bootmisc script contains
the following in baselayout-1.8.6.8-r1:

if [ -x /sbin/rc-envupdate.sh ]
then
    ebegin "Updating environment"
    /sbin/env-update.sh
    eend 0
fi

There's a disconnect between the test and the command executed. I tried keeping
rc-envupdate.sh around (it's not included in 1.8.6.8-r1), upgraded to 1.8.6.8-r1,
and modified /etc/init.d/bootmisc to use rc-envupdate.sh instead of
env-update.sh, but that didn't help... <sigh>

Anyway, I know the problem shows up in 1.8.6.8-r1, and it's not in 1.8.6.7, but
I'm not sure where to look now...

(and, just as a side-note, could this be related to #21438 -
"baselayout-1.8.6.8-r1 boot message: xargs environment too large"?)

Reproducible: Always
Steps to Reproduce:
1. Upgrade baselayout to 1.8.6.8-r1
2. ensure apache + mod_php is installed/works
3. run env-update, and restart apache (/etc/init.d/apache restart)
4. create a php file that uses the phpinfo() function, and view the output
5. downgrade to baselayout-1.8.6.7, and repeat steps 3 & 4
Actual Results:  
There's a HUGE difference in the environment listed in the output of phpinfo():
1.8.6.8-r1 contains an insane number of exported environment variables, that can
act as an information leak, informing hackers/crackers of the layout/contents of
the system.

Expected Results:  
The output of the phpinfo() function should be similar to that of
baselayout-1.8.6.7.

Portage 2.0.48-r5 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1)
=================================================================
System uname: 2.4.20-win4lin-r1 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
GENTOO_MIRRORS="ftp://ftp.ussg.iu.edu/pub/linux/gentoo
ftp://csociety-ftp.ecn.purdue.edu/pub/gentoo/
http://csociety-ftp.ecn.purdue.edu/pub/gentoo/
ftp://mirror.iawnet.sandia.gov/pub/gentoo/
ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
ftp://gentoo.linux.no/pub/gentoo/ http://gentoo.linux.no/
http://194.83.57.11/sites/www.ibiblio.org/gentoo/"
CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config
/usr/kde/3/share/config /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config
/usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY="/custom/portage"
USE="x86 oss 3dnow apm avi crypt encode foomaticdb gif jpeg libg++ mad mikmod
mmx mpeg ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib
directfb gtkhtml alsa gdbm berkdb slang readline arts aalib nas bonobo svga ggi
tcltk guile ruby mysql postgres X sdl tcpd pam libwww ssl perl python esd imlib
oggvorbis gtk qt motif mozilla gphoto2 cdr acpi acpi4linux curl dga dvd fbcon gd
gd-external gtk2 i8x0 imap maildir moznocompose moznoirc moznomail mpi pda pic
sse tiff usb wmf gnome xinerama xml opengl -cups -java -gpm -kde"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium3 -pipe"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
ACCEPT_KEYWORDS="x86"
MAKEOPTS="-j2"
AUTOCLEAN="yes"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
FEATURES="sandbox buildpkg ccache"
Comment 1 SpanKY gentoo-dev 2003-07-26 19:48:02 UTC

*** This bug has been marked as a duplicate of 23736 ***
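
Added example, not part of the original report or of baselayout: a shell check for the exposure described above, listing which variables a daemon inherited beyond a small allowlist by reading its /proc/<pid>/environ. The allowlist, the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Audit the environment a daemon inherited from the script that started it.
# ALLOWED is an assumed allowlist; adjust it for the service being checked.
ALLOWED="PATH LANG TZ HOME USER"

# list_unexpected_env FILE
# FILE holds NUL-separated NAME=value records, the format of
# /proc/<pid>/environ. Prints the names (never the values) of variables
# that are not in ALLOWED, one per line, sorted.
list_unexpected_env() {
    # Newlines embedded in a value become spaces so that every record
    # occupies exactly one line after NUL is turned into newline.
    tr '\n\0' ' \n' < "$1" | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        name=${entry%%=*}
        case " $ALLOWED " in
            *" $name "*) ;;                    # expected, stay quiet
            *) printf '%s\n' "$name" ;;        # inherited but not allowlisted
        esac
    done | sort
}

# make_sample FILE
# Writes a constructed environ-style sample (not captured from a real host).
make_sample() {
    printf 'PATH=/usr/bin:/bin\0LANG=C\0PORTDIR=/usr/portage\0' > "$1"
    printf 'CFLAGS=-O3 -pipe\0KDEDIRS=/usr/kde/3.1\0' >> "$1"
}

if [ -n "${1:-}" ]; then
    # Usage: script PID (needs permission to read that process's environ)
    list_unexpected_env "/proc/$1/environ"
else
    # No PID given: run against the constructed sample.
    sample=$(mktemp)
    make_sample "$sample"
    list_unexpected_env "$sample"
    rm -f "$sample"
fi
```

Run it with the PID of the web server's parent process before and after a baselayout change; any name it prints is something phpinfo() would show in its "Environment" section.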