headers
André Schild | 7 Dec 2011 19:04
Picon
Favicon
Gravatar

Status of "[PATCH] allowing setting of ld_* variables in conf file" ?

Hello,

we have a problem where we wish to use the sql anywhere php
library together with suPHP.
For this to work we need to specify additional LD_LIBRARY_PATH directories.

According to this post (dated back 2008)
https://lists.marsching.com/pipermail/suphp/2008-April/001772.html

the problem is that the LD_LIBRARY_PATH is reset by suPHP.

After applying the patch to the 0.7.1 source tree it now works.

Is there a intention to add this patch to the source tree, or if not,
why is it not a good idea ?

Thanks

--

-- 
Aarboard AG    Phone: +41 32 332 97 14
Egliweg 10     Fax:   +41 32 332 97 14
2560 Nidau
Switzerland    www.aarboard.ch
Permalink | Reply |
headers
Daniel Llewellyn | 7 Dec 2011 22:20
Picon
Gravatar

Re: Status of "[PATCH] allowing setting of ld_* variables in conf file" ?

2011/12/7 André Schild <a.schild <at> aarboard.ch>:
> For this to work we need to specify additional LD_LIBRARY_PATH directories.
>
> According to this post (dated back 2008)
> https://lists.marsching.com/pipermail/suphp/2008-April/001772.html
>
> the problem is that the LD_LIBRARY_PATH is reset by suPHP.
>
> After applying the patch to the 0.7.1 source tree it now works.
>
> Is there a intention to add this patch to the source tree, or if not,
> why is it not a good idea ?

can you not create a wrapper for php and set the LD_LIBRARY_PATH in that?

--

-- 
Regards,
    The Honeymonster aka Daniel Llewellyn

_______________________________________________
suPHP mailing list
suPHP <at> lists.marsching.com
https://lists.marsching.com/mailman/listinfo/suphp
Permalink | Reply |
headers
André Schild | 7 Dec 2011 22:36
Picon
Favicon
Gravatar

Re: Status of "[PATCH] allowing setting of ld_* variables in conf file" ?

Am 07.12.2011 22:20, schrieb Daniel Llewellyn:
> 2011/12/7 André Schild<a.schild <at> aarboard.ch>:
>> For this to work we need to specify additional LD_LIBRARY_PATH directories.
>>
>> According to this post (dated back 2008)
>> https://lists.marsching.com/pipermail/suphp/2008-April/001772.html
>>
>> the problem is that the LD_LIBRARY_PATH is reset by suPHP.
>>
>> After applying the patch to the 0.7.1 source tree it now works.
>>
>> Is there a intention to add this patch to the source tree, or if not,
>> why is it not a good idea ?
> can you not create a wrapper for php and set the LD_LIBRARY_PATH in that?
Yes,

that would be possible, but why create just another /bin/sh script just 
for this ?
It will require (minal) more resoures for execution...

André

_______________________________________________
suPHP mailing list
suPHP <at> lists.marsching.com
https://lists.marsching.com/mailman/listinfo/suphp
Permalink | Reply |
headers
Daniel Llewellyn | 7 Dec 2011 22:58
Picon
Gravatar

Re: Status of "[PATCH] allowing setting of ld_* variables in conf file" ?

On Wed, Dec 7, 2011 at 21:36, André Schild <a.schild <at> aarboard.ch> wrote:
> It will require (minal) more resoures for execution...

I guess if you're worried about resource usage you could write the
wrapper in C and compile it so that no interpreter is spawned until
PHP arrives. This would be no different, then, to running suPHP and
doesn't require potentially exploitable modifications to suPHP's
codebase.

(The reason LD_LIBRARY_PATH isn't passed through to client binaries is
for security considerations AFAIK.)

--

-- 
Regards,
    The Honeymonster aka Daniel Llewellyn

_______________________________________________
suPHP mailing list
suPHP <at> lists.marsching.com
https://lists.marsching.com/mailman/listinfo/suphp
Permalink | Reply |
headers
André Schild | 8 Dec 2011 09:00
Picon
Favicon
Gravatar

Re: Status of "[PATCH] allowing setting of ld_* variables in conf file" ?

Am 07.12.2011 22:58, schrieb Daniel Llewellyn:
> On Wed, Dec 7, 2011 at 21:36, André Schild<a.schild <at> aarboard.ch>  wrote:
>> It will require (minal) more resoures for execution...
> I guess if you're worried about resource usage you could write the
> wrapper in C and compile it so that no interpreter is spawned until
> PHP arrives. This would be no different, then, to running suPHP and
> doesn't require potentially exploitable modifications to suPHP's
> codebase.
But will introduced potential exploits when I make a error in my wrapper...
I don't think the patch opens new gaps, but of course, any line of code 
is a potential danger ;)

> (The reason LD_LIBRARY_PATH isn't passed through to client binaries is
> for security considerations AFAIK.)
That's clear.

André

_______________________________________________
suPHP mailing list
suPHP <at> lists.marsching.com
https://lists.marsching.com/mailman/listinfo/suphp
Permalink | Reply |

Gmane