Edit report at http://bugs.php.net/bug.php?id=10937&edit=1
ID: 10937 Updated by: [email protected] Reported by: kc834 at blu32 dot com -Summary: Interface to execl() library call +Summary: Interface to execl(), execv() Status: Open Type: Feature/Change Request Package: Program Execution Operating System: * PHP Version: * Block user comment: N Private report: N New Comment: See also bug #13843 Previous Comments: ------------------------------------------------------------------------ [2001-05-17 13:32:27] kc834 at blu32 dot com It would be very helpful if you implemented a command that could be used to execute an external program without using the shell. Such a feature would be useful in the following cases: 1) if another hole is discovered in EscapeShellCmd() 2) if the web server is being run in a chrooted environment, or in another situation in which /bin/sh access is forbidden or undesirable 3) if the user wishes to avoid the overhead of running the shell when a simple execl() would suffice 4) when individual arguments to a user program contain spaces or other characters that could be mangled by the shell and require special treatment (ex. execl("/bin/foo", "foo", "hello \"world", NULL) is a pain in the neck to do right now) 5) if for no other reason, than to make PHP more competitive with Perl, which does have this feature. it's not too hard to do. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=10937&edit=1
