[PHP] Commands which call exec() or shell_exec() ??
Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken
Re: [PHP] Commands which call exec() or shell_exec() ??
On Tue, Apr 9, 2013 at 3:11 PM, Ken Kixmoeller phph...@comcast.net wrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken If you're positive you aren't executing any command line code (backticks, passthru(), et cetera), then check to see if arbitrary code is somehow being attempted via your scripts. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Commands which call exec() or shell_exec() ??
On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller phph...@comcast.net wrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken The back tick(`) operator is also used for that same purpose. Maybe that's in your code? - Matijn
Re: [PHP] Commands which call exec() or shell_exec() ??
Thanks, Daniel - -- I do use passthru() -- in an entirely different part of the application (a place where it runs a mysqldump to do a manual backup). Of course, I have millions of backticks delimiting SQL fields and tables. The error log is reporting specifically shell_exec(). Would a stray backtick call that error? On Tue, Apr 9, 2013 at 2:39 PM, Daniel Brown danbr...@php.net wrote: On Tue, Apr 9, 2013 at 3:11 PM, Ken Kixmoeller phph...@comcast.net wrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken If you're positive you aren't executing any command line code (backticks, passthru(), et cetera), then check to see if arbitrary code is somehow being attempted via your scripts. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/
Re: [PHP] Commands which call exec() or shell_exec() ??
Yes -- Thanks Matjen and Daniel --- There *was* a stray backtick in there. Weird that we haven't run into it before. Testing now. On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller phph...@comcast.netwrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken The back tick(`) operator is also used for that same purpose. Maybe that's in your code? - Matijn
Re: [PHP] Commands which call exec() or shell_exec() ??
Yes --- it worked. Thank you so very much. I had searched the heck out of this to no avail. This is why I think developer communities are so great -- always someone smarter than me (not that it is a high bar s) and willing to help. On Tue, Apr 9, 2013 at 3:05 PM, Ken Kixmoeller phph...@comcast.net wrote: Yes -- Thanks Matjen and Daniel --- There *was* a stray backtick in there. Weird that we haven't run into it before. Testing now. On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller phph...@comcast.netwrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken The back tick(`) operator is also used for that same purpose. Maybe that's in your code? - Matijn
Re: [PHP] Commands which call exec() or shell_exec() ??
you probe command system()? 2013/4/9 Ken Kixmoeller phph...@comcast.net Yes --- it worked. Thank you so very much. I had searched the heck out of this to no avail. This is why I think developer communities are so great -- always someone smarter than me (not that it is a high bar s) and willing to help. On Tue, Apr 9, 2013 at 3:05 PM, Ken Kixmoeller phph...@comcast.net wrote: Yes -- Thanks Matjen and Daniel --- There *was* a stray backtick in there. Weird that we haven't run into it before. Testing now. On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller phph...@comcast.net wrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken The back tick(`) operator is also used for that same purpose. Maybe that's in your code? - Matijn
Re: [PHP] Commands which call exec() or shell_exec() ??
Yes, but no further need. Problem solved. On Tue, Apr 9, 2013 at 4:06 PM, El Ale... alexissauc...@gmail.com wrote: you probe command system()? 2013/4/9 Ken Kixmoeller phph...@comcast.net Yes --- it worked. Thank you so very much. I had searched the heck out of this to no avail. This is why I think developer communities are so great -- always someone smarter than me (not that it is a high bar s) and willing to help. On Tue, Apr 9, 2013 at 3:05 PM, Ken Kixmoeller phph...@comcast.net wrote: Yes -- Thanks Matjen and Daniel --- There *was* a stray backtick in there. Weird that we haven't run into it before. Testing now. On Tue, Apr 9, 2013 at 2:41 PM, Matijn Woudt tijn...@gmail.com wrote: On Tue, Apr 9, 2013 at 9:11 PM, Ken Kixmoeller phph...@comcast.net wrote: Hi -- - Strange problem. One of my applications was just moved to a new server. The new server has php configured to blacklist some functions (using disable_functions=). One of the banned functions is exec(). The error log is reporting shell_exec() has been disabled for security reasons --- but exec() or shell_exec() are not in my code *anywhere*. The program and line number being reported makes absolutely no sense. Are there other php commands that really call exec() or shell_exec() ??? Any clues how this could happen? Fixes (other than un-blacklisting the command, of course)? Many thanks, Ken The back tick(`) operator is also used for that same purpose. Maybe that's in your code? - Matijn