Edit report at http://bugs.php.net/bug.php?id=13843&edit=1

 ID:                 13843
 Updated by:         j...@php.net
 Reported by:        a dot genkin at toronto dot edu
 Summary:            add the execv functionality to PHP
-Status:             Open
+Status:             Bogus
 Type:               Feature/Change Request
-Package:            Feature/Change Request
+Package:            Program Execution
 Operating System:   Unix
 PHP Version:        4.0.6
 Block user comment: N
 Private report:     N

 New Comment:

Same as bug #10937 is about.


Previous Comments:
------------------------------------------------------------------------
[2005-08-20 01:14:29] cira at mercenarylabs dot com

After much configuration, I was able to write a dynamic shell script
containing shell redirection symbols, and then run the script using
exec(), system(), or passthru().

It's not the best solution, but if you wish to run more complex calls to
the system in safe mode, dump the commands to a file and then use PHP to
exec that file.

-Samantha

------------------------------------------------------------------------
[2002-01-24 04:52:30] der...@php.net

The space is usually not a problem, but a ; is.

However execv is a nice idea, making this into a feature request.

Derick

------------------------------------------------------------------------
[2002-01-24 04:44:57] veins at skreel dot org

I understand that pipes and redirections could break the point of using
safe_mode but, what I can't understand, is how a space in an argument
can make the system vulnerable...

------------------------------------------------------------------------
[2001-10-29 16:27:41] a dot genkin at toronto dot edu

Rats! I meant to say "to standard out" in the last sentence.

------------------------------------------------------------------------
[2001-10-29 16:23:58] a dot genkin at toronto dot edu

Rasmus, what you are saying about shell redirection being a threat under
safe mode makes sense.  But how about being able to pass parameters
with spaces in them?  I cannot see any security implication in that...

In any case, I want to be able to read standard error from the command
I'm executing...

How about providing a PHP variant of C's execv() in PHP, so that I could
pass it an array of parameters?  And, perhaps, add a flag to existing
program execution functions to duplicate standard error to standard in.

------------------------------------------------------------------------
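The execv-style call requested above, sketched as an added example that is not part of the original thread or of PHP's own code: passing proc_open() an array runs the program without a shell, so spaces and `;` in an argument stay literal, and standard error is captured separately. It assumes PHP 7.4 or later on Unix; run_argv() is a hypothetical helper name and the argument values are constructed.

```php
<?php
// Added example (not from the thread). Assumes PHP 7.4+ on Unix.
// run_argv() is a hypothetical helper name.

/** Run $argv without a shell; returns [exit code, stdout, stderr]. */
function run_argv(array $argv): array
{
    // stderr goes to a temp file so a chatty child cannot block on a
    // full pipe while we are still reading stdout.
    $errFile = tmpfile();
    $spec = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['pipe', 'w'],
        2 => $errFile,
    ];
    // Array form: the program is executed directly, each element is one
    // argument, and no shell ever parses the string.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        fclose($errFile);
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $code = proc_close($proc);
    rewind($errFile);
    $err = stream_get_contents($errFile);
    fclose($errFile);
    return [$code, $out, $err];
}

// Constructed inputs: a value with spaces and one with shell metacharacters.
$hostile = 'a; echo injected > /tmp/should-not-exist';
[$code, $out, $err] = run_argv(['printf', '%s\n', 'two words', $hostile]);
echo "exit=$code\n$out";

// A failing command: the error text arrives in $err, not mixed into $out.
[$code, $out, $err] = run_argv(['ls', '--', $hostile]);
echo "exit=$code stdout=", json_encode($out), " stderr=", json_encode($err), "\n";
```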


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=13843


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=13843&edit=1
