apache1.3 without jail and PHP cannot execute some system binaries..why?
Hello, I have a script that is being called from the web , it invokes the system() function and I try to test running some system commands to see if they are properly invoked. Apache is running without jail (-d) due to special needs. mv and cp do not display any output (this do not execute), while cat and ls do. If I run the script via the command line all of the commands display ouput (even if its the usage help info of each command) . I have tried running the commands with the absolute path, and without. The permissions and ownerhsip for /bin are all the same and are system defaults. What could be wrong? Andres
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
On Fri, 2009-08-14 at 09:59 -0500, Andres Salazar wrote: Apache is running without jail (-d) due to special needs. You mean -u, right?
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
At 09:59 AM 8/14/2009 -0500, Andres Salazar wrote: Hello, mv and cp do not display any output (this do not execute), while cat and ls do. Probably because the scripts get launched with the UID/GID of Apache, and you don't have write permission to the directory as that user/group. Test it by runing the script AS the user/group that's running Apache. Lee
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
Yes, iam sorry typo I meant i disabled chroot with -u i went over the php.ini and there is nothing listed in disable_functions Please advise. thanks
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
I have also tried using the user www and executing the script.. it works fine.. It just doesnt work via the web. On Fri, Aug 14, 2009 at 11:04 AM, Andres Salazarndrsslz...@gmail.com wrote: Yes, iam sorry typo I meant i disabled chroot with -u i went over the php.ini and there is nothing listed in disable_functions Please advise. thanks
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
ls -la /bin pretty much says that the permissions and ownership are the same for mv, cp, cat, ls I dont think its a permission/ownerhsip issue. Please advise. On Fri, Aug 14, 2009 at 11:18 AM,# ls -la total 14192 drwxr-xr-x 2 root wheel1024 Aug 4 11:58 . drwxr-xr-x 14 root wheel 512 Aug 4 11:59 .. -r-xr-xr-x 2 root bin 82636 Aug 4 11:58 [ -r-xr-xr-x 1 root bin 99020 Aug 4 11:58 cat -r-xr-xr-x 3 root bin180940 Aug 4 11:58 chgrp -r-xr-xr-x 1 root bin 99020 Aug 4 11:58 chio -r-xr-xr-x 3 root bin180940 Aug 4 11:58 chmod -r-xr-xr-x 5 root bin123596 Aug 4 11:58 cksum -r-xr-xr-x 1 root bin111308 Aug 4 11:58 cp -r-xr-xr-x 3 root bin271052 Aug 4 11:58 cpio -r-xr-xr-x 1 root bin291532 Aug 4 11:58 csh -r-xr-xr-x 1 root bin103116 Aug 4 11:58 date -r-xr-xr-x 1 root bin 90828 Aug 4 11:58 dd -r-xr-xr-x 1 root bin 94924 Aug 4 11:58 df -r-xr-xr-x 1 root bin 82636 Aug 4 11:58 domainname -r-xr-xr-x 1 root bin 78540 Aug 4 11:58 echo -r-xr-xr-x 1 root bin168652 Aug 4 11:58 ed -r-xr-xr-x 2 root bin209612 Aug 4 11:58 eject -r-xr-xr-x 1 root bin119500 Aug 4 11:58 expr -r-xr-xr-x 1 root bin 82636 Aug 4 11:58 hostname -r-xr-xr-x 1 root bin 82636 Aug 4 11:58 kill -r-xr-xr-x 3 root bin332492 Aug 4 11:58 ksh -r-xr-xr-x 1 root bin 82636 Aug 4 11:58 ln -r-xr-xr-x 1 root bin180940 Aug 4 11:58 ls -r-xr-xr-x 5 root bin123596 Aug 4 11:58 md5 -r-xr-xr-x 1 root bin 99020 Aug 4 11:58 mkdir -r-xr-xr-x 2 root bin209612 Aug 4 11:58 mt -r-xr-xr-x 1 root bin164556 Aug 4 11:58 mv -r-xr-xr-x 3 root bin271052 Aug 4 11:58 pax -r-xr-xr-x 1 root bin201420 Aug 4 11:58 ps -r-xr-xr-x 1 root bin 82636 Aug 4 11:58 pwd -r-xr-xr-x 1 root bin221900 Aug 4 11:58 rcp -r-xr-xr-x 3 root bin332492 Aug 4 11:58 rksh -r-xr-xr-x 1 root bin180940 Aug 4 11:58 rm -r-xr-xr-x 1 root bin 86732 Aug 4 11:58 rmail -r-xr-xr-x 5 root bin123596 Aug 4 11:58 rmd160 -r-xr-xr-x 1 root bin 99020 Aug 4 11:58 rmdir -r-xr-xr-x 3 root bin332492 Aug 4 11:58 sh -r-xr-xr-x 5 root bin123596 Aug 4 11:58 sha1 -r-xr-xr-x 1 root bin 99020 Aug 4 11:58 sleep -r-xr-xr-x 1 root bin115404 Aug 4 11:58 stty -r-xr-xr-x 5 root bin123596 Aug 4 11:58 sum -r-xr-xr-x 1 root bin 82636 Aug 4 11:58 sync -r-xr-xr-x 1 root bin352972 Aug 4 11:58 systrace -r-xr-xr-x 3 root bin271052 Aug 4 11:58 tar -r-xr-xr-x 2 root bin 82636 Aug 4 11:58 test
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
Set httpd.conf with only 1 process, and execute the .php, then follow the httpd process with a ktrace. 2009/8/14 Andres Salazar ndrsslz...@gmail.com: I have also tried using the user www and executing the script.. it works fine.. It just doesnt work via the web. On Fri, Aug 14, 2009 at 11:04 AM, Andres Salazarndrsslz...@gmail.com wrote: Yes, iam sorry typo I meant i disabled chroot with -u i went over the php.ini and there is nothing listed in disable_functions Please advise. thanks
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
At 11:30 AM 8/14/2009 -0500, Andres Salazar wrote: ls -la /bin pretty much says that the permissions and ownership are the same for mv, cp, cat, ls I dont think its a permission/ownerhsip issue. You missed the point - permissions ARE an issue when you're running as www or apache! To change a file in a directory as UID=nobody, you would have to have 777 permissions, which you probably don't (hopefully). TEST the script AS the UID/GID used by httpd - you will find the permission problems. Lee
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
Hello, On Fri, Aug 14, 2009 at 09:59:41AM -0500, Andres Salazar wrote: I have a script that is being called from the web , it invokes the system() function and I try to test running some system commands to see if they are properly invoked. mv and cp do not display any output (this do not execute), while cat and ls do. If I run the script via the command line all of the commands display ouput (even if its the usage help info of each command) . Maybe just a stupid thought, but could it be that cp and mv, for some particular reason linked to that setup, output to stderr, while ls and cat output to stdout. That would assume that system() only catches stdout (to be checked), but could be a problem a stream redirection. I just checked and confirmed that usage help and error messages (e.g. in case of right problem) of cp are output on stderr. -- Olivier Mehani sht...@ssji.net PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655 [demime 1.01d removed an attachment of type application/pgp-signature]
Re: apache1.3 without jail and PHP cannot execute some system binaries..why?
On Fri, Aug 14, 2009 at 01:39:22PM -0300, Gonzalo Lionel Rodriguez wrote: Set httpd.conf with only 1 process, and execute the .php, then follow the httpd process with a ktrace. It's easier to do ktrace -di httpd -X -Otto 2009/8/14 Andres Salazar ndrsslz...@gmail.com: I have also tried using the user www and executing the script.. it works fine.. It just doesnt work via the web. On Fri, Aug 14, 2009 at 11:04 AM, Andres Salazarndrsslz...@gmail.com wrote: Yes, iam sorry typo I meant i disabled chroot with -u i went over the php.ini and there is nothing listed in disable_functions Please advise. thanks