|
Posted by Jim Poserina on 03/24/05 06:07
Wed 23 Mar 2005--23:05:30--/home/webuser>whoami
root
Wed 23 Mar 2005--23:05:33--/home/webuser>cat test.php
<?php echo exec("whoami")."\n"; ?>
Wed 23 Mar 2005--23:05:36--/home/webuser>php test.php
Content-type: text/html
X-Powered-By: PHP/4.3.9
root
Wed 23 Mar 2005--23:05:39--/home/webuser>su webuser
[webuser@ecos ~]$ php test.php
Content-type: text/html
X-Powered-By: PHP/4.3.9
[webuser@ecos ~]$ whoami
webuser
[webuser@ecos ~]$ exit
"Jim Poserina" <jimpoz@econlineservices.com> wrote in message
news:20050324021300.55464.qmail@lists.php.net...
> The output is:
>
> OS Error: 127.
>
> I have a second server that I use as a downtime backup. On that one, all
> the scripts work normally. I don't have to give a path for the commands,
any
> commands with permission problems return "permission denied," and the
apache
> user (nobody) actually has /sbin/nologin as the shell.
>
>
> "Richard Lynch" <ceo@l-i-e.com> wrote in message
> news:2609.66.243.145.38.1111561333.squirrel@www.l-i-e.com...
> > On Mon, March 21, 2005 8:20 pm, Jim Poserina said:
> > > If I run this PHP script:
> > > <?php
> > > echo '<pre>';
> > > echo exec('whoami');
> >
> > The first most biggest thing wrong is that you aren't using the
additional
> > arguments to exec() to find out what your output is, and if your command
> > generated an error.
> >
> > For starters, I'm betting that at least one of the following is true:
> > whoami is not in the $PATH/$path of the PHP user.
> > whoami is not executable by the PHP user.
> >
> > You'll never find out which unless you use the extra args to exec
> >
> > http://php.net/exec
> >
> > > echo '</pre>';
> > > ?>
> > >
> > > from the web, the output is
> > >
> > > <pre></pre>and from the command line running as the apache
> user(webuser),
> > > the output is.
> > > Content-type: text/html
> > > X-Powered-By: PHP/4.3.9
> > >
> > > <pre></pre>
> >
> > EXCELLENT attempt to diagnose this, though!
> >
> > > But if I run from the command line as root, the output is:
> > >
> > > Content-type: text/html
> > > X-Powered-By: PHP/4.3.9
> > >
> > > <pre>root</pre>and from the command line as a user in the root group,
> the
> > > output is:
> > > Content-type: text/html
> > > X-Powered-By: PHP/4.3.9
> > >
> > > <pre>jimpoz</pre>Safe mode is turned off. As webuser (or any
> > > non-root-group
> > > user), no shell commands work. Not echo, not ls, not whoami, not
touch.
> > > And
> > > no shell functions work: no exec(), no passthru(), no shell_exec(), no
> > > backticks. Every command I'm trying to run is world-readable and
> > > world-executable.
> >
> > But are they in the $path of webuser?
> >
> > Use the full path to them if they aren't
> >
> > exec("/bin/whoami", $output, $error);
> > if ($error) echo ("OS Error: $error.<br />\n");
> > echo implode("<br />", $output);
> >
> > > If I turn safe mode on, it gives me a "safe mode is on" warning only
> about
> > > lines that call shell_exec(), and not for exec() or any of the others.
> > > Other
> > > than that, it doesn't hang or give any kind of error or anything when
it
> > > comes to a shell function call; apparently it just ignores them.
> >
> > No, it tries to run them, and fails, and provides the error messages and
> > error number in the variables you aren't using :-)
> >
> > Some days, I think the PHP Dev Group should just make those arguments to
> > exec() required.
> >
> > --
> > Like Music?
> > http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|