
Bug #1891

closed

lighttpd should sanitize its start-up environment

Added by woods about 15 years ago. Updated about 15 years ago.

Status:
Wontfix
Priority:
High
Category:
core
Target version:
-

Description

every good secure network daemon should always sanitize its start-up environment

I discovered that my full environment is still available after manually restarting lighttpd through a web page using SSI that included the line ""

In theory lighttpd could probably safely remove all environment variables on startup and then admins and users could configure just those environment settings necessary for operation of their own local CGIs and SSI scripts.

Actions #1

Updated by darix about 15 years ago

  • Status changed from New to Wontfix

No, we can't clear all environment variables. Some apps being called might require them.
Common examples are LD_LIBRARY_PATH or the envvars for Oracle.

That said, if you want to clear the environment variables, clear them in your init script.
On systems with startproc you can call startproc -e to get a minimal environment. I am sure you can find a solution for your actual system.

That said, I will close it as a wontfix.

Actions #2

Updated by woods about 15 years ago

Hmmm.... your excuse seems invalid.

As I understand it, there are explicit features in both CGI and SSI configuration which allow for the controlled setting of any required environment variables.

Besides, it's completely wrong (from a security standpoint) to ever rely on the invoker's environment. So many things can go wrong.

Actions #3

Updated by darix about 15 years ago

There is not much you can do to tell your CGI C app where to find its Oracle libraries.

As I said, if you want to sanitize your environment, do so in your start-up script. A simple solution might be env -i.

Actions #4

Updated by woods about 15 years ago

Well, actually, you can always provide additional environment (or any other arbitrary controls) for other programs that are invoked as CGI programs: use a wrapper script or program.

In fact from a security standpoint that's the only correct way to do it if the web server itself has no mechanism to control the environment of the programs it invokes.

It is never really safe to allow the invoker's environment to randomly affect daemons started as a result of untrustable network connections.

The network daemon must carefully sanitize the environment it uses, especially when it invokes other outside programs as a result of handling an incoming connection from the network.

This is just obvious simple secure programming 101.
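The two approaches discussed in comments #3 and #4, an `env -i` start-up script for the daemon and a wrapper that controls what a CGI program sees, can be built from one allowlist helper. The script below is an added example written for this page, not lighttpd's own init script or anything posted by the participants; the function names, the allowlists, and the paths `/usr/sbin/lighttpd` and `/etc/lighttpd/lighttpd.conf` are assumptions. It also includes a check that reports any variable reaching a program that is not on the allowlist, which is how an admin can confirm the sanitizing actually worked rather than trusting that it did.

```shell
#!/bin/sh
# Added example (not lighttpd's code): start a daemon, or wrap a CGI it
# invokes, with an allowlisted environment built on top of `env -i`.

# Variables the daemon may keep from the invoker's environment. LD_LIBRARY_PATH
# and the Oracle variables stand in for the case raised in the thread; the
# list itself is an assumption for this example. Anything not listed is dropped.
DAEMON_ALLOWLIST="PATH LD_LIBRARY_PATH ORACLE_HOME TNS_ADMIN"

# Variables a wrapped CGI may keep: the CGI meta-variables the server sets,
# plus the same library settings.
CGI_ALLOWLIST="PATH LD_LIBRARY_PATH ORACLE_HOME TNS_ADMIN
GATEWAY_INTERFACE SERVER_SOFTWARE SERVER_NAME SERVER_PORT SERVER_PROTOCOL
REQUEST_METHOD SCRIPT_NAME PATH_INFO QUERY_STRING CONTENT_TYPE CONTENT_LENGTH
REMOTE_ADDR HTTP_HOST HTTP_USER_AGENT"

nl=$(printf '\n.'); nl=${nl%.}   # a literal newline, used by the check below

# run_with_allowlist LIST cmd [args...]
# Re-executes cmd under `env -i`, passing only the listed variables that are
# currently set. Each NAME=value is handed to env as one argument, so values
# with spaces survive intact; values containing a newline are refused because
# KEY=VALUE output cannot represent them unambiguously.
run_with_allowlist() {
    allow=$1; shift
    for name in $allow; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || continue
        case $value in
            *"$nl"*) printf 'refusing %s: value contains a newline\n' "$name" >&2; continue ;;
        esac
        set -- "$name=$value" "$@"   # prepend NAME=value ahead of the command
    done
    env -i "$@"
}

# What an init script would do (path and flags are assumptions).
start_lighttpd() {
    run_with_allowlist "$DAEMON_ALLOWLIST" /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf
}

# What a CGI wrapper would do: install the wrapper as the CGI target and have
# it call the real program through this function.
wrap_cgi() {
    run_with_allowlist "$CGI_ALLOWLIST" "$@"
}

# unexpected_vars ENV_OUTPUT ALLOWLIST
# Prints the names in `env` output (KEY=VALUE lines) that are not on the
# allowlist. Run `env` as a test CGI and feed its output here to see what
# scripts really receive; empty output means nothing leaked.
unexpected_vars() {
    allow=$(printf ' %s ' $2)   # normalise separators so each name is " NAME "
    printf '%s\n' "$1" | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | while read -r name; do
        case $allow in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Self-check when run as `./sanitize-env.sh selfcheck`: plant a variable in the
# invoker's environment and confirm it does not reach the child.
if [ "${1:-}" = "selfcheck" ]; then
    INVOKER_SECRET=constructed_value; export INVOKER_SECRET
    seen=$(run_with_allowlist "$DAEMON_ALLOWLIST" env)
    leaks=$(unexpected_vars "$seen" "$DAEMON_ALLOWLIST")
    if [ -z "$leaks" ]; then
        echo "ok: no unexpected variables reached the child"
    else
        printf 'leaked: %s\n' "$leaks"; exit 1
    fi
fi
```

The daemon-side allowlist is deliberately short: the point of the thread is that whatever a CGI needs (library paths, Oracle settings) should be named explicitly by the admin, not inherited by accident from whoever restarted the server. The CGI wrapper keeps the meta-variables the server itself sets, since those are the request, not the invoker's shell.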

Actions #5

Updated by woods about 15 years ago

And besides, there's mod_setenv, which is explicitly designed for the very purpose of adding environment variables to be passed to external applications.
