is there a way to log all calls that to exec() PHP makes? Recording PHP file and line number, and target executable with arguments, for example.
Thanks
You've got a few options, none of them are great:
If you have PECL APD installed, you can use override_function().
If you have PECL runkit installed, you can use runkit_function_redefine().
If you have the ability to wrap all the code in question with a namespace (possibly via the auto_prepend_file setting), you can just define a new exec() function.
Enable safe_mode and put nothing but a wrapper script in safe_mode_exec_dir. The only thing people will be able to exec is that wrapper, which can log hits and then spawn the requested command.
If you're concerned about what is getting exec()'ed, your best bet is probably just to turn it off by adding it (and its brethren) to the disabled_functions list.
Related
So I have a huge list of text files inside a folder that I must process using a PHP script, and if processing is successful, I need to discard the file. However I only want to attempt 3 times each file, at most. If after the 3rd attempt it fails, I'll discard the file regardless.
So after doing some research I learned about Linux extended file attributes, and that seemed to be a viable way of keeping a counter in each file by means of an extended attribute.
Further research told me PHP supports this with a Pear package named xattr. I then installed the required libattr extension by running this command line (This is an Ubuntu 12.04 system by the way):
sudo apt-get install libattr1-dev
That worked fine. I then installed Pear xattr with:
sudo pecl -v install xattr
Which also succeeded and it indicated I had to add this line to php.ini:
extension=xattr.so
Which I also did and then restarted Apache. But when I attempted to use any of the xattr commands in PHP I always get this:
Call to undefined function xattr_supported()...
I checked phpinfo() and it indicates xattr support is enabled....
So what am I missing here? Shouldn't xattr_supported() at least return a boolean indicating whether extended attributes are supported by the file system or not? Or, is there any other way I can write random data to a plain text file without altering its contents?
Thanks in advance.
Is there any reason why I can not complied files in PHP's shell_exec/exec/system function?
Example of something that does work in command line and PHP's shell_exec function:
<?php
$data = shell_exec("ls");
echo $data;
?>
Example of something that does not work in PHP's shell_exec function but will work in command line (I can confirm that):
<?php
$data = shell_exec("./c-compiled-file argv1 argv2 argv3");
echo $data;
?>
Is there anything I can do on my server so this will work? I've looked everywhere and no solutions I found fixed the problem. The compiled file is in the same directory as the PHP script as well, it just won't execute it. Also if you're asking, yes I have tried this with SSH2 and it still will not execute.
Also PHP is not in safe mode and NO functions are disabled.
Some common glitches when executing external commands from PHP that work fine from shell:
Command uses relative paths but PHP is launched from an arbitrary location:
Use getcwd() / chdir() to get/set working directory
PHP and shell run with different user credentials. This is often the case when PHP runs through a web server.
PHP and shell run different commands. Many people call stuff like exec("foo $bar") and doesn't even check what "foo $bar" contains.
No error checking is done. The bare minimum is to capture and print standard output, standard error, status code and, of course, all PHP error messages including warnings and notices.
You can redirect stderr to sdtout
You can use a PHP function that allows to capture more information, such as exec()
The web server is disallowed to execute the command at operating system level.
Lookout for SELinux or similar tools.
Just a guess, but the binary you're trying to execute might not have the proper permissions. Prepeding it with ./ in the command line forces it to execute, but PHP probably strips that for security purposes. Try this:
chmod +x c-compiled-file
You want to use system in the second case, and not shell_exec.
system executes an external program and displays the output.
shell_exec executes a command via shell and returns the complete output as a string.
and for good measure:
exec simply executes an external program.
Furthermore you want to make sure your external program is executable and (though you have stated it, I'll restate this) has execute permissions for the user which is running the web server. You also want to make sure the directory your external program is running in has the ability to write to its directory or /tmp or whatever output directory you have set.
Finally you should always use absolute paths for executing things like this in cron or php or whatever... so don't use ./c-compiled-file argv1 argv2 argv3, but instead use /home/username/c-compiled-file argv1 argv2 argv3 or whatever the full path is.
Like many others I have problem with shell_exec() function in PHP. I have safe mode disabled and disabled_functions deleted from php.ini.
If I run php script from terminal (php print.php) it's working perfectly but if I run it from web browser nothing happens.
Here is the scipt:
<?php
$output = shell_exec('lp print.php');
echo "<pre>$output</pre>";
?>
Please help me. I'm running PHP 5.3.10 on Apache2. My OS is Ubuntu Server 12.4. Here is the phpinfo page: http://testni-server.info/info.php
Progamming language PHP allows one to limit executing of external commands via configuration directive safe_mode_exec_dir. This directive should contain full path to a directory conatining programs which PHP script can run. If the script tries to execute a command not located in this directory, the command is not executed. This configuration directive is active only if safe mode is enabled, which means more and sometimes unwanted restrictions to users. PHP has no known possibility to limit executing of external commands with disabled safe mode. Teherefore, here is a patch adding special directive exec_dir straightly into PHP. This directive is very similar to safe_mode_exec_dir, but safe mode has not to be enabled.
This patch limits or corrects the behavior of these functions:
exec()
passthru()
proc_open()
shell_exec()
system()
popen()
is_executable()
The patch was created for purposes of limit execution of external commands of users on a multidomain apache server, first for PHP version 4.2.1. The patch was sent to PHP developers so it could be a part of PHP, but no one of PHP developers was interested in. On the other side, some PHP users wanted this patch, therefore this site was created.
Your command line (CLI) PHP might be using a different working directory and/or path than the CGI one. Try defining the working directory (containing the lp command) explicitly with chdir() before calling shell_exec().
When I call /usr/local/bin/pdftk from PHP in Apache (via shell_exec(), exec(), system(), etc.), it returns the SYNOPSIS message as expected.
When I call /usr/local/bin/pdftk input.pdf fill_form input.fdf output output.pdf flatten via shell_exec(), nothing returns.
When I copy and paste the exact same string to the same path in the shell (as the apache user), the output.pdf file is generated as expected.
Moving the pdftk command into a PHP shell script (shebang is #!/usr/bin/php) and executing it with php script.php works perfectly.
Calling that shell script (with its stderr redirected to stdout) from PHP in Apache (via shell_exec(script.php);) results in this line:
sh: line 1: 32547 Segmentation fault /usr/local/bin/pdftk input.pdf fill_form input.fdf output output.pdf flatten 2>&1
Whenever I run the script from the command line (via PHP or directly), it works fine. Whenever I run the script through PHP via Apache, it either fails without any notification or gives the SegFault listed above.
It's PHP 4.3.9 on RHEL4. Please don't shoot me. I've set memory to 512M with ini_set() and made sure that the apache user had read/write to all paths (with fopen()) and by logging in as apache ...
Just went and checked /var/log/messages to find this:
Oct 4 21:17:58 discovery kernel: audit(1286241478.692:1764638):
avc: denied { read } for pid=32627 comm="pdftk" name="zero"
dev=tmpfs ino=2161 scontext=root:system_r:httpd_sys_script_t
tcontext=system_u:object_r:zero_device_t tclass=chr_file
NOTE: Disabling SELinux "fixed" the problem. Has this moved into a ServerFault question? Can anybody give me the 30 second SELinux access controls primer here?
php-cli & php-cgi (or the module, depends on what your server uses) are different binaries. They don't even have to share the same version to live happily side by side on your server. They also may not share the same configuration. Increasing memory usually does nothing to help Segfaults. Points to check:
Are they the same version?
Do they have the same settings (consult the *.ini locations loaded in the phpinfo(); output, and possibly the whole output itself), if not: try what happens if you alter the one for your webserver to the one for the cli as far as possible.
Segfaults occur more in extensions then in the core afaik, and sometimes seemingly unrelated. Try to disable unneeded extensions one by one to see if the problem goes away.
Still no success? You may want to run apache with gdb, but I have no experience with that, it might tell you something though.
No luck? Recompile either the module of cgi your webserver uses.
It's PHP 4.3.9 on RHEL4. Please don't shoot me.
I feel more sad for you then anger, we're beyond the 5.3 mark, come over, it's a lot more happy here.
I have an application on my server that is called leaf.exe, that haves two arguments needed to run, they are: inputfile and outputfile, that will be like this example:
pnote.exe input.pnt output.txt
The executable is at exec/, inputfile is at upload/ and outputfile is on compiled/. But I need that a PHP could run the application like that, then I want to know:
How could I do this on a server that have exec() disabled and I can't turn it on, because I don't have privileges to do it?
How could I echo the output of the program?
The exec function is probably what you're looking for: PHP: exec - Manual
There are a fair amount of ways to do this. It partly depends on how your executables act and what they return. Have a look at System Program Execution. Hober suggests exec(), and that may be right. Another possibility may be passthru()