ID: 14897
Comment by: unknown at simplemachines dot org
Reported By: louis at steelbytes dot com
Status: No Feedback
Bug Type: Program Execution
Operating System: Windows 2000
PHP Version: 4.1.1
New Comment:
Test case:
// Use any filenames you want.
exec('c:/usr/local/bin/tar.exe -c --file=smf_1-0-alpha_safe.tar -c
index.php');
If the IIS user (IUSR_COMPUTERNAME) does not have access to cmd.exe,
which is the default as of a security update for IIS, PHP will give
said error.
This can be fixed by giving read permissions to cmd.exe, but this is a
security risk. (or, at least, can be one.)
The only benefit adding cmd.exe /c seems to have is making things like
"dir," "echo," etc. work.
As such, I would suggest one of a few actions:
- create a php.ini directive. (a waste...)
- use the current method, but on an error fall back to attempting to
issue the command directly.
- always issue the command directly, or add an parameter to the exec
function to do so.
- do nothing because you don't care about IIS/windows users. (I hope
not!)
The best solution, in my humble opinion, would be to use a fallback -
at least under NT. I also would like it to use the comspec environment
variable, if available.
Thank you,
-[Unknown]
Previous Comments:
------------------------------------------------------------------------
[2002-11-27 06:40:43] h dot siedler at liebl dot at
under iis5.0 and php4.0.6 there's always the message "unable to fork"
by using the exec() command.The same with system() command. Is there
someway that works?
------------------------------------------------------------------------
[2002-11-16 01:00:02] php-bugs at lists dot php dot net
No feedback was provided for this bug for over 2 weeks, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2002-10-31 14:51:10] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php4-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php4-win32-latest.zip
------------------------------------------------------------------------
[2002-01-21 07:16:43] louis at steelbytes dot com
re enable access to cmd.exe for php:
if you are using IIS, then PHP will be run using the IWAM_<machinename>
account. so you would have to set the right for cmd.exe to include this
account.
if you are using a different web server, then I have no idea what
account would need access to cmd.exe
re stopping php from prepending "cmd /c ":
not that I know of, and hence the bug report that I posted requesting
the developers changing it.
------------------------------------------------------------------------
[2002-01-21 06:32:42] davidfelton at codemasters dot com
Is there a way to enable access to cmd.exe so that it is only available
to php.exe?
Or a way of stopping php prepending "cmd.exe /c " in front of any calls
to exec?
thanks.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/14897
--
Edit this bug report at http://bugs.php.net/?id=14897&edit=1
