Posted by NC on 01/19/06 00:24

a wrote:
>
> The php script that processes user input from a form, starts a new process
> using exec. In my case, the process may contain arbitrary, user defined
> functionality. How do I ensure that that process doesn't do any harm? Is
> there a way to define a sort of sandbox that the process can run in, so it
> won't be able to access any unauthorized resources, or do some other
> damage to the server?

If your process contains arbitrary user-defined functionality, there's
nothing you can do to define a sandbox for it. Arbitrary user-defined
functionality may include switching to the superuser mode (e.g., su on
Unix), which renders any sandbox meaningless.

Cheers,
NC

• Next in forum: Re: How do I do this query?
• Prev in forum: Base functionality for a PHP based website
• Thread view: Re: Security in an process started with exec

[Reply to this message]