RE: [PHP] Executing shell commands

This is a discussion on RE: [PHP] Executing shell commands within the PHP General forums, part of the PHP Programming Forums category; Ack! No no no no no! At least put something this critical in a password protected database, not a place ...


Go Back   Usenet Forums > PHP Programming Forums > PHP General

Reload this Page RE: [PHP] Executing shell commands

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-09-2003
Javier Muniz
 
Posts: n/a
Default RE: [PHP] Executing shell commands
Ack! No no no no no! At least put something this critical in a password
protected database, not a place that could possibly be written to by a
malicious user that gains access to an easily-writable directory like /tmp,
the DoS and security ramifications of having a system like this are huge.
Be exceptionally careful, and never pretend that /tmp is a safe place for
data. If something is being read from /tmp then it should be treated the
same way user-inputted data is, and never trusted.

-Javier

-----Original Message-----
From: Robert Cummings [mailto:robert@interjinn.com]
Sent: Sunday, November 09, 2003 12:47 AM
To: Teren
Cc: PHP-General
Subject: Re: [php] Executing shell commands


On Sun, 2003-11-09 at 03:41, Teren wrote:
>
> Hi, I'm trying to write a front end for something and I want to be
> able to execute shell commands. I tried all of the pre-written
> functions and non of them would work. I setup a user that can sudo and
> then i set apache to run as that user. So, what I tried to do is
> shell_exec("sudo -s; reboot;"); but that didn't work, I also tried
> other numerous variations all of which didn't work (also using exec(),
> system(), passthru() ). If any one has any ideas how i can do this,
> please let me know. Thanks

I believe this has been answered quite recently and the large consensus was
to have a daemon (cron or otherwise) check for some status file or database
entry, which when set it would perform the required function. So for
instance to reboot the machine, perhaps a cron job would check for the
existence of /tmp/myFrontEnd/reboot and if found reboot the machine. Thus
the front end would only need to create the file.

HTH,
Rob.
--
..------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting | a
| powerful, scalable system for accessing system services | such as
| forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for |
| creating re-usable components quickly and easily. |
`------------------------------------------------------------'

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 03:09 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0