php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #10970 Life of environment variable set by putenv() not documented well
Submitted: 2001-05-19 11:26 UTC Modified: 2001-05-19 11:34 UTC
From: antipode at thpoon dot com Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.0.5 OS: Solaris 2.5
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: antipode at thpoon dot com
New email:
PHP Version: OS:

 

 [2001-05-19 11:26 UTC] antipode at thpoon dot com
Visibility scope of the environment variables set by
putenv() is not documented.  It is important to know whether
an environment variable set in one script can be seen from
another script (served by the same Apache child, for example).

http://php.net/manual/en/function.putenv.php

I'm writing a secure application that passes user name and
password in environment varialbles to a setuid C program,
which checks the password against the shadow password file
to authenticate users.  It is crucial for me to know whether
such approach has any security implications, derriving fromt
the visibility scope of environment variables set in PHP.

Many thanks,
-- 
Arcady Genkin

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-19 11:34 UTC] rasmus@php.net
Note added to docs cvs.  A putenv() is only active for the duration of the request in which the env var was set.  At the end of the request the original environment is restored.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 28 08:01:30 2024 UTC