php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #63533 new php.ini flag disable_execute
Submitted: 2012-11-15 21:29 UTC Modified: 2014-02-10 04:36 UTC
Votes:6
Avg. Score:3.7 ± 1.5
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: thbley at gmail dot com Assigned: yohgaki (profile)
Status: Wont fix Package: *Configuration Issues
PHP Version: 5.5.0alpha1 OS: all
Private report: No CVE-ID: None
View Developer Edit
 [2012-11-15 21:29 UTC] thbley at gmail dot com 
Description:
------------
add new flag to php.ini:
disable_execute = On|Off
(default: On?)

which is the same as:
disable_functions = exec,shell_exec,passthru,system,popen,proc_open,pcntl_exec

=> make secure configuration easier

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-10-24 06:54 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2014-02-10 04:36 UTC] bjori@php.net
-Status: Assigned +Status: Wont fix
 [2014-02-10 04:36 UTC] bjori@php.net 
These functions aren't marked specifically and don't need any special attributes - meaning we can't magicly decide that those functions execute anything.
That in turn means any new extension, or even existing pecl extension, would not be protected by that feature - making it useless.
We found this out the hard way.. This sort of thing don't work.

Besides - we don't want to add more ini options.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 15:01:29 2024 UTC