Re: [webmin-l] phpinfo() problem

[Jamie C. <jca...@we...>]

Hi Hamid,

You are correct, I overlooked the case where Webmin or Virtualmin restarts
Apache ... this will be fixed in the next release.

 - Jamie

On 3/Feb/2006 01:10 Hamid Hashemi wrote ..
> Jamie,
> 
> I beleive that in some cases this problem happened again also after 
> Webmin version 1.260 . before this version if you restart the apache 
> from the webmin the variables passed to the new httpd but in this 
> version this only happen if you make a new virtual host in your 
> virutalmin . but if you restart the httpd from the webmin itself the 
> variables gone ! can you please check into it to see if this problem 
> already exist or this is only my problem ?!
> 
> Jamie Cameron wrote:
> > On 9/Jan/2006 08:34 Hamid Hashemi wrote ..
> >   
> >> Hi ,
> >>
> >> I am using Webmin and Virtualmin for fedora core 4 and installed apache
> >> 2.0.54 and php 5.0.4.
> >> When I was surfing the hosts and tried one of the hosts info.php which
> >> contains phpinfo() function to see if everythings working fine that
> host
> >> on virtualmin or not and saw something interesting in PHP Variables
> >> section of phpinfo() !!
> >> I saw some $_ENV variables which contains some information about the
> >> webmin and virtualmin even some passwords of virtualmin !!!!
> >> here is some example about these variables :
> >>
> >> _ENV["DOCUMENT_REALROOT"] 	/usr/libexec/webmin
> >> _ENV["VIRTUALSERVER_MAILBOXLIMIT"] 	20
> >> _ENV["VIRTUALSERVER_LOGROTATE"] 	1
> >> _ENV["VIRTUALSERVER_PREFIX"] 	xxxxxxxxx ( I changed this !)
> >> _ENV["VIRTUALSERVER_IP"] 	xx.xx.xx.xx ( this too ! )
> >> _ENV["QUOTA_SBLOCKS"] 	10240
> >> _ENV["HTTP_CONTENT_LENGTH"] 	436
> >> _ENV["VIRTUALSERVER_LIMIT_WEB"] 	1
> >> _ENV["QUOTA_FILESYS"] 	/home
> >> _ENV["VIRTUALSERVER_GID"] 	538
> >> _ENV["MINISERV_CONFIG"] 	/etc/webmin/miniserv.conf
> >> _ENV["VIRTUALSERVER_POSTGRES"] 	/no value/
> >> _ENV["VIRTUALSERVER_MAIL"] 	1
> >> _ENV["QUOTA_HFILES"] 	0
> >>
> >>
> >> and a lot of other variables which is really secure ! I don't know from
> >> where phpinfo() found these but I need to solve this problem ASAP !
> Also
> >> I checked the same issue on another server and the same result happened
> >> ! any idea ?
> >>     
> >
> > This is a bug in Webmin - in some cases, environment variables are being
> passed
> > through to the Apache process. It will be fixed in the next release,
> but in the short
> > term you can resolve it by finding the clean_environment function in
> web-lib-funcs.pl
> > and replacing it with :
> >
> > # clean_environment()
> > # Deletes any environment variables inherited from miniserv so that they
> > # won't be passed to programs started by webmin.
> > sub clean_environment
> > {
> > local ($k, $e);
> > %UNCLEAN_ENV = %ENV;
> > foreach $k (keys %ENV) {
> >         if ($k =~ /^(HTTP|VIRTUALSERVER|QUOTA|USERADMIN)_/) {
> >                 delete($ENV{$k});
> >                 }
> >         }
> > foreach $e ('WEBMIN_CONFIG', 'SERVER_NAME', 'CONTENT_TYPE', 'REQUEST_URI',
> >             'PATH_INFO', 'WEBMIN_VAR', 'REQUEST_METHOD', 'GATEWAY_INTERFACE',
> >             'QUERY_STRING', 'REMOTE_USER', 'SERVER_SOFTWARE', 'SERVER_PROTOCOL',
> >             'REMOTE_HOST', 'SERVER_PORT', 'DOCUMENT_ROOT', 'SERVER_ROOT',
> >             'MINISERV_CONFIG', 'SCRIPT_NAME', 'SERVER_ADMIN', 'CONTENT_LENGTH',
> >             'HTTPS', 'FOREIGN_MODULE_NAME', 'FOREIGN_ROOT_DIRECTORY',
> >             'SCRIPT_FILENAME', 'PATH_TRANSLATED', 'BASE_REMOTE_USER',
> >             'DOCUMENT_REALROOT', 'MINISERV_CONFIG') {
> >         delete($ENV{$e});
> >         }
> > }
> >
> >  - Jamie
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> > -
> > Forwarded by the Webmin mailing list at web...@li...
> > To remove yourself from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> >
> >   
> 
> -- 
> Regards
>     =================================================================
>    /  Seyyed Hamid Reza    /        WINDOWS FOR NOW  !!            /
>   /  Hashemi Golpayegani  /  Linux for future , FreeBSD for ever  /
>  /    Morva System Co.   / ------------------------------------- /
> /  Network Administrator/ ha...@mo...   ,   ICQ# : 42209876 /
> ================================================================ 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list