SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Thread: shell_exec secure?

  1. Nov 19, 2012 09:19 #1
    materix
    materix is offline
    SitePoint Addict
    Join Date
    Feb 2004
    Posts
    278
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    shell_exec secure?

    Hi.

    Does enabling shell_exec in php.ini always pose a security risk? Or can it be done safely?
    Reply With Quote Reply With Quote
  2. Nov 20, 2012 08:56 #2
    wwb_99
    wwb_99 is offline
    SitePoint Author silver trophybronze trophy
     wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,427
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    I'd argue it is always a risk -- the damage an attacker can do with the ability to execute arbitrary shell commands is immense. This risk can be abated by being religious about input sanitization and making sure that PHP runs in a restricted context. But I would not open the door if I had other options.
    Reply With Quote Reply With Quote
  3. Nov 22, 2012 06:47 #3
    sahostking
    sahostking is offline
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Location
    Cape Town, South Africa
    Posts
    33
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yip I disable that when setting up a new server. Anything that can execute shell scripts is a major risk
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules