PHP Shell_exec for specific commands only

Question

PHP Shell_exec for specific commands only

Is there a way to disable shell_exec , with the exception of only certain commands that can be whitelisted?

I decided that I could always go in and just put these commands in mod_sec , the main commands that I don't want to run. But such a configuration is not enough. I want to disable shell_exec , but allow shell_exec to work only with certain commands, or rather two.

I am running CentOS, Cpanel and PHP 5.2.17.

+4

linux php shell-exec

jfreak53 Oct 9 '12 at 15:48

source share

1 answer

Patrick pease · Answer 1 · 2014-09-11T12:05:26+0000

This is not a vague / white list per se, but if it is executed correctly, it provides control over users and strictly controlled access only to shell commands specified in the code.

  $Ops = array( 'function1' => function($parameter){ DO PARAMETER CHECK HERE; shell_exec("CommandThatIsSafetoPerform" + parameter here); }, 'function2' => function($parameter){ DO PARAMETER CHECK HERE; shell_exec("CommandThatIsSafetoPerform" + parameter here); }, 'function3' => function($parameter){ DO PARAMETER CHECK HERE; shell_exec("CommandThatIsSafetoPerform" + parameter here); }, );

then call use something like this:

 call_user_func(Ops["function1"], "your parameter here");

A few special notes: Giving users access to options poses problems. You are better off with ALL hard coding and not give users the ability to modify any of the parameters.

PHP Shell_exec for specific commands only

More articles: