ID: 13843
Updated by: derick
Old Summary: Command line arguments escaped magically and out of control
Reported By: [EMAIL PROTECTED]
Status: Open
Old Bug Type: Program Execution
Bug Type: Feature/Change Request
Operating System: Unix
PHP Version: 4.0.6
New Comment:
The space is usually not a problem, but a ; is.
However execv is a nice idea, making this into a feature request.
Derick
Previous Comments:
------------------------------------------------------------------------
[2002-01-24 04:44:57] [EMAIL PROTECTED]
I understand that pipes and redirections could break the point of using
safe_mode but, what I can't understand, is how a space in an argument
can make the system vulnerable...
------------------------------------------------------------------------
[2001-10-29 16:27:41] [EMAIL PROTECTED]
Rats! I meant to say "to standard out" in the last sentence.
------------------------------------------------------------------------
[2001-10-29 16:23:58] [EMAIL PROTECTED]
Rasmus, what you are saying about shell redirection being a threat
under safe mode makes sense. But how about being able to pass
parameters with spaces in them? I cannot see any security implication
in that...
In any case, I want to be able to read standard error from the command
I'm executing...
How about providing a PHP variant of C's execv() in PHP, so that I
could pass it an array of parameters? And, perhaps, add a flag to
existing program execution functions to duplicate standard error to
standard in.
------------------------------------------------------------------------
[2001-10-29 16:14:34] [EMAIL PROTECTED]
I forgot to add that it appears that this bug is not Solaris-specific,
but, rather, safe mode specific.
------------------------------------------------------------------------
[2001-10-29 16:14:31] [EMAIL PROTECTED]
Well, not being able to use shell redirection and command line args in
safe-mode makes a lot of sense. You could trivially circumvent the
safe-mode restrictions if you were allowed to do this. Basically
safe-mode only allows system calls to very limited things. Basically
prepared scripts placed in the safe-mode-exec-dir. I don't see how we
could allow arguments and redirects and still maintain the point behind
safe-mode.
------------------------------------------------------------------------
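As an added example (not part of this bug report and not PHP's own code), the following shows what the two requests in the thread look like in later PHP: an execv-style call that takes an argv array and never invokes the shell, with standard error captured separately, placed next to the shell-string forms so the difference Derick points at (a space is harmless, a ';' is not) is visible. It assumes PHP 7.4 or later (proc_open() accepts an array command) on a Unix host with /bin/echo and /bin/sh; the function names run_argv and run_shell_escaped are my own.

```php
<?php
// Added example, not from the bug report. Assumes PHP >= 7.4 on Unix
// with /bin/echo and /bin/sh available.

/**
 * execv-style execution: the program and its arguments are passed as an
 * argv array, so no shell parses the command line. Characters such as
 * ';', '|' or '>' inside an argument reach the program literally.
 * Returns exit status, stdout and stderr separately.
 */
function run_argv(array $argv): array
{
    $spec = [
        0 => ['pipe', 'r'],  // child's stdin
        1 => ['pipe', 'w'],  // child's stdout
        2 => ['pipe', 'w'],  // child's stderr, captured on its own
    ];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    fclose($pipes[0]);
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    return ['status' => $status, 'stdout' => $stdout, 'stderr' => $stderr];
}

/**
 * Shell-string execution done carefully: every argument is wrapped with
 * escapeshellarg() before /bin/sh sees the line. Without that wrapping an
 * argument containing ';' is split into a second command.
 */
function run_shell_escaped(string $program, array $args): string
{
    $cmd = escapeshellarg($program);
    foreach ($args as $a) {
        $cmd .= ' ' . escapeshellarg($a);
    }
    return (string) shell_exec($cmd);
}

// Constructed input: one argument holding both a space and a semicolon.
$arg = 'hello world; echo INJECTED';

// 1. Naive concatenation: /bin/sh treats ';' as a command separator, so
//    echo prints "hello world" and a second command runs afterwards.
$naive = shell_exec('/bin/echo ' . $arg);
printf("naive:   %s", $naive);

// 2. escapeshellarg(): the whole string is one quoted argument to echo.
printf("escaped: %s", run_shell_escaped('/bin/echo', [$arg]));

// 3. argv array: no shell at all, same single argument, plus stderr.
$r = run_argv(['/bin/echo', $arg]);
printf("argv:    %s", $r['stdout']);

// stderr and exit status are available separately, as the thread asked.
$r = run_argv(['/bin/sh', '-c', 'echo to-stderr >&2; exit 3']);
printf("stderr:  %s (exit %d)\n", trim($r['stderr']), $r['status']);
```

Case 1 is the situation the report describes: the space in the argument is harmless, the ';' lets the shell start a second command. Cases 2 and 3 both deliver the string as a single argument, but case 3 needs no escaping rules at all because nothing between PHP and the program interprets metacharacters, which is the property an execv()-style interface gives.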
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/?id=13843
Edit this bug report at http://bugs.php.net/?id=13843&edit=1
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]