From: [EMAIL PROTECTED] Operating system: Windows 2000 IIS 5 SP2 PHP version: 4.2.1 PHP Bug Type: *General Issues Bug description: using exec
One cannot utilize the exec() funtion without granting read/execute rights to the IUSR-machinename account on cmd.exe. This is a major security flaw on windows systems. Almost all of the exploits on IIS systems stem from allowing the IUSR account to have read/execute permissions on cmd.exe. So, with that said, the exec() function is unusable on IIS. I'm new to PHP and I don't know who handles the decisions for which accounts an app runs under, but whoever you are you need to change this yesterday to protect the users of PHP on windows. Peace. -- Edit bug report at http://bugs.php.net/?id=17415&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=17415&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=17415&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=17415&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=17415&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=17415&r=support Expected behavior: http://bugs.php.net/fix.php?id=17415&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=17415&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=17415&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=17415&r=globals
