Hello, I performed some tests using the backticks operator and the system() call. This is my.php : <? /*-----------------------------------------------------------*/ header("Pragma: no-cache"); // HTTP/1.0 header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
?> <HTML> <head> <title> uhmmmm </title> </head> <body> I am <? $fldr = "d:\\winnt"; system("g:\\cygwin\\bin\\whoami"); echo "<br>"; $k = sprintf( `dir $fldr` ); $k = str_replace ("<", "<", $k ); $k = str_replace (">", ">", $k ); $k = str_replace ("\n", "<br>", $k ); echo "\$k = $k"; ?> </body> </html> this is the output: I am SYSTEM $k = Volume in drive D is WIN2KSRV Volume Serial Number is 58D7-73D6 Directory of d:\winnt 06/25/2003 05:36p <DIR> . 06/25/2003 05:36p <DIR> .. 05/30/2003 11:46a 21,107 Active Setup Log.txt 05/29/2003 05:14p <DIR> addins 05/29/2003 06:20p <DIR> Application Compatibility Scripts 05/30/2003 10:15a <DIR> AppPatch 12/07/1999 02:00p 1,272 Blue Lace 16.bmp 05/30/2003 04:40p <DIR> Cache 05/30/2003 01:40p 24,106 certocm.log 12/07/1999 02:00p 82,944 clock.avi 12/07/1999 02:00p 17,062 Coffee Bean.bmp 05/29/2003 04:27p 1,038 COM+.log ..... and so on My problem is that it works too much ;-) because the SYSTEM account can read everywhere in my win partition. Is it possible to have the command executed by the user IUSR_machinename instead of SYSTEM ? In this case I can set up proper right in order to prevent access to certain sensitive folders.... TIA, bye, ___________________________________________________________________ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php