php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #35398 php's exec() requires a shell
Submitted: 2005-11-25 18:24 UTC Modified: 2015-01-09 00:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: szo at szo dot hu Assigned:
Status: Wont fix Package: Program Execution
PHP Version: * OS: posix
Private report: No CVE-ID: None
 [2005-11-25 18:24 UTC] szo at szo dot hu
Description:
------------
I use php in a chroot()-et environment, and I can't use exec()  unless I provide a shell in the chroot as well, which lowers it's security a bit. The exec() requires a shell because it's implemented using popen(). I think it should be possible to aboid popen and use dup() instead.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-25 18:25 UTC] szo at szo dot hu
changed os to posix
 [2015-01-08 23:59 UTC] ajf@php.net
-Status: Open +Status: Wont fix -Package: Feature/Change Request +Package: *General Issues -PHP Version: 5.1.0 +PHP Version: *
 [2015-01-08 23:59 UTC] ajf@php.net
Can't be done, command arguments need to be parsed, sorry.
 [2015-01-08 23:59 UTC] ajf@php.net
Or rather: exec() doesn't take an array of string arguments and a command name, it just takes a string containing a command line, so we need a shell to parse it.
 [2015-01-09 00:00 UTC] ajf@php.net
-Package: *General Issues +Package: Program Execution
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 12:01:31 2024 UTC