
how to test if PHP system() function is allowed? and not turned off for security reasons

I would like to know how to test if system() or exec() is allowed on a server. I keep getting this error "Warning: exec() has been disabled for security reasons in ..."

I understand that the safe_mode function is deprecated in the PHP version my provider runs (5.3.3), so I can't use a get_ini('safe_mode') check.

What else to do?

I use this for a backup script. If the provider allows system, the script makes a tar file and mails it to me whenever a user logs in.

Thanks in advance.

Well, there are only two ways it can be disabled: safe_mode or disable_functions.

So you can do a check like:

function isAvailable($func) {
    if (ini_get('safe_mode')) return false;
    $disabled = ini_get('disable_functions');
    if ($disabled) {
        $disabled = explode(',', $disabled);
        $disabled = array_map('trim', $disabled);
        return !in_array($func, $disabled);
    }
    return true;
}

Oh, and function_exists should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable should also return true (since the function does exist). So the only ways to tell are to check the ini settings, or to actually call it...

Edit: One other thing to note, there are several ways to execute shell commands. Check out:

Testing for disabled functions and the presence of safe mode as shown by @ircmaxell is arguably the easiest way to go.

If you want to find out 1000% reliably whether execution of system commands is possible - there may be security patches like Suhosin that block this on another level - try to exec() an external command that is bound to work on all systems (including Windows), and is extremely unlikely to fail even if user rights are very tight.

Say

cd .   

This should work (i.e. not return false, and return an error level code of 0) at least on all Linux, Windows and Unix flavours including OS X.

function_exists() doesn't work for this situation?

http://fr.php.net/function_exists

exec() returns false if it fails, or a success message string if it succeeds... so the following should work:

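// exec() returns the last line of output (empty for 'cd .'), so test the exit status instead.
if (@exec('cd .', $out, $status) === false || $status !== 0) { die('ERROR: Exec is not available!!!'); }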

Replacement for 'cd .' can be any function you know to work on the system.
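
The ini check from the first answer and the `cd .` probe from the later answers can be combined into one test. This is an added example, not code from any of the answers; the helper names `inIniList` and `canRunCommands` are hypothetical, and the Suhosin setting is read on the assumption that the extension, if loaded, exposes `suhosin.executor.func.blacklist`.

```php
<?php
// Added example: helper names are hypothetical, not from the original answers.

// True if $func is named in a comma-separated ini list such as disable_functions.
function inIniList($func, $iniKey) {
    $list = ini_get($iniKey);               // false when the setting does not exist
    if (!is_string($list) || $list === '') {
        return false;
    }
    $names = array_map('strtolower', array_map('trim', explode(',', $list)));
    return in_array(strtolower($func), $names, true);  // function names are case-insensitive
}

function canRunCommands() {
    // PHP 8+ removes disabled functions from the function table,
    // so function_exists() is false there; older versions still report true.
    if (!function_exists('exec')) {
        return false;
    }
    // safe_mode exists only before PHP 5.4; FILTER_VALIDATE_BOOLEAN also handles "Off"/"0".
    if (filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN)) {
        return false;
    }
    if (inIniList('exec', 'disable_functions')) {
        return false;
    }
    // Assumption: Suhosin, when loaded, lists blocked functions in this setting.
    if (inIniList('exec', 'suhosin.executor.func.blacklist')) {
        return false;
    }
    // Final probe: actually run a harmless command and check the exit status.
    // exec() returns the last output line, which is empty for 'cd .', so the
    // return value alone cannot distinguish success from failure.
    $output = array();
    $status = null;
    $last = @exec('cd .', $output, $status);
    return $last !== false && $last !== null && $status === 0;
}

if (canRunCommands()) {
    echo "exec() is usable; the tar backup can run\n";
} else {
    error_log('exec() is unavailable; skipping the backup step');
}
```

Checking the ini settings first avoids triggering the "has been disabled for security reasons" warning on every login when the host blocks exec().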
