Menu
▾
▴
webadmin-list
|
From: Agustin P. <ag...@gs...> - 2006-05-26 17:16:17
|
Hi All, I have been searching the web because I have that problem (see subject) wi= th=20 version 1.260 Even if this http://seclists.org/lists/bugtraq/2001/May/0258.html says it h= as=20 been fixed on 0.83 when I restart my Apache server I can see webmin SID wit= h=20 PHP phpinfo() function which may be a serious security problem as it says=20 here: http://seclists.org/lists/bugtraq/2001/May/0275.html Has this been fixed? How do I get ENV cleaned when restarting Apache with webmin? I am using the miniserv.pl server. Thanks =2D-=20 Agust=EDn Pizarro |
|
From: Jamie C. <jca...@we...> - 2006-05-26 18:48:20
|
On 26/May/2006 12:15 Agustin Pizarro wrote .. > Hi All, > > I have been searching the web because I have that problem (see subject) > with > version 1.260 > > Even if this http://seclists.org/lists/bugtraq/2001/May/0258.html says > it has > been fixed on 0.83 when I restart my Apache server I can see webmin SID > with > PHP phpinfo() function which may be a serious security problem as it says > here: http://seclists.org/lists/bugtraq/2001/May/0275.html > > Has this been fixed? > > How do I get ENV cleaned when restarting Apache with webmin? > > I am using the miniserv.pl server. Does this still happen if you stop and re-start Apache from within Webmin? I am pretty sure this problem is fixed by clearing all environment variables before calling Apache, although if you just do a restart or apply changes Apache may still be inheriting variables from a previous incorrect version of Webmin. Also, are you using Virtualmin there? It has its own slightly different Apache restart code. - Jamie |
|
From: <pg...@ne...> - 2006-05-26 20:14:09
|
Please remove me from all webmin/webadmin mailing lists. Thank you -----Original Message----- From: Jamie Cameron <jca...@we...> To: web...@li... Sent: Fri, 26 May 2006 13:48:12 -0500 (CDT) Subject: Re: [webmin-l] Webmin Doesn't Clean ENV On 26/May/2006 12:15 Agustin Pizarro wrote .. > Hi All, > > I have been searching the web because I have that problem (see subject) > with > version 1.260 > > Even if this http://seclists.org/lists/bugtraq/2001/May/0258.html says > it has > been fixed on 0.83 when I restart my Apache server I can see webmin SID > with > PHP phpinfo() function which may be a serious security problem as it says > here: http://seclists.org/lists/bugtraq/2001/May/0275.html > > Has this been fixed? > > How do I get ENV cleaned when restarting Apache with webmin? > > I am using the miniserv.pl server. Does this still happen if you stop and re-start Apache from within Webmin? I am pretty sure this problem is fixed by clearing all environment variables before calling Apache, although if you just do a restart or apply changes Apache may still be inheriting variables from a previous incorrect version of Webmin. Also, are you using Virtualmin there? It has its own slightly different Apache restart code. - Jamie ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642 - Forwarded by the Webmin mailing list at web...@li... To remove yourself from this list, go to http://lists.sourceforge.net/lists/listinfo/webadmin-list ___________________________________________________ Try the New Netscape Mail Today! Virtually Spam-Free | More Storage | Import Your Contact List http://mail.netscape.com |
|
From: Agustin P. <ag...@gs...> - 2006-05-26 21:14:38
|
On Friday 26 May 2006 20:48, Jamie Cameron wrote: > On 26/May/2006 12:15 Agustin Pizarro wrote .. > > > Hi All, > > > > I have been searching the web because I have that problem (see subject) > > with > > version 1.260 > > > > Even if this http://seclists.org/lists/bugtraq/2001/May/0258.html says > > it has > > been fixed on 0.83 when I restart my Apache server I can see webmin SID > > with > > PHP phpinfo() function which may be a serious security problem as it sa= ys > > here: http://seclists.org/lists/bugtraq/2001/May/0275.html > > > > Has this been fixed? > > > > How do I get ENV cleaned when restarting Apache with webmin? > > > > I am using the miniserv.pl server. > > Does this still happen if you stop and re-start Apache from within > Webmin? I am pretty sure this problem is fixed by clearing all environment > variables before calling Apache, although if you just do a restart or app= ly > changes Apache may still be inheriting variables from a previous incorrect > version of Webmin. > > Also, are you using Virtualmin there? It has its own slightly different > Apache restart code. > > - Jamie No, I am not using Virtualmin. I have tried what you suggest and it happens only on "Apply Changes" when=20 direct restart command is executed within webmin (in my case=20 '/etc/rc.d/init.d/httpd restart'). stop, start -> ok, clean (*) stop, start, apply(start-stop) -> ok, clean (*) stop, start, apply(apachectl) -> ok, clean (*) stop, start, apply(command) -> not clean So setting on the module config "Command to apply configuration" to "Run st= op=20 and start commands" or "Use apachectl or HUP signal" solves the problem (*) Clean mostly as : _ENV["SERVER_REALROOT"] /usr/libexec/webmin _ENV["PWD"] /usr/libexec/webmin/apache/ keep set. Thanks Thank you very much too for giving us this useful tool and your support. =2D-=20 Agust=EDn Pizarro Technical Representative ag...@gs... urgent: agu...@gs... fax: +34 91 184 99 56 GignoSystem Europe LTD Paseo de la Castellana 164 Off. #4 Madrid (Spain) |
|
From: Jamie C. <jca...@we...> - 2006-05-26 21:22:55
|
On 26/May/2006 16:13 Agustin Pizarro wrote .. > On Friday 26 May 2006 20:48, Jamie Cameron wrote: > > On 26/May/2006 12:15 Agustin Pizarro wrote .. > > > > > Hi All, > > > > > > I have been searching the web because I have that problem (see subject) > > > with > > > version 1.260 > > > > > > Even if this http://seclists.org/lists/bugtraq/2001/May/0258.html says > > > it has > > > been fixed on 0.83 when I restart my Apache server I can see webmin > SID > > > with > > > PHP phpinfo() function which may be a serious security problem as it > says > > > here: http://seclists.org/lists/bugtraq/2001/May/0275.html > > > > > > Has this been fixed? > > > > > > How do I get ENV cleaned when restarting Apache with webmin? > > > > > > I am using the miniserv.pl server. > > > > Does this still happen if you stop and re-start Apache from within > > Webmin? I am pretty sure this problem is fixed by clearing all environment > > variables before calling Apache, although if you just do a restart or > apply > > changes Apache may still be inheriting variables from a previous incorrect > > version of Webmin. > > > > Also, are you using Virtualmin there? It has its own slightly different > > Apache restart code. > > > > - Jamie > > No, I am not using Virtualmin. > I have tried what you suggest and it happens only on "Apply Changes" when > direct restart command is executed within webmin (in my case > '/etc/rc.d/init.d/httpd restart'). > > stop, start -> ok, clean (*) > stop, start, apply(start-stop) -> ok, clean (*) > stop, start, apply(apachectl) -> ok, clean (*) > stop, start, apply(command) -> not clean > > So setting on the module config "Command to apply configuration" to "Run > stop > and start commands" or "Use apachectl or HUP signal" solves the problem > > (*) Clean mostly as : > > _ENV["SERVER_REALROOT"] /usr/libexec/webmin > _ENV["PWD"] /usr/libexec/webmin/apache/ > > keep set. > > Thanks > > Thank you very much too for giving us this useful tool and your support. Ok, that makes sense now .. you are seeing a bug that existed in Webmin 1.260, but has been fixed in the 1.270. - Jamie |
