I realize that, just didn't want to suggest that /tmp was a good solution
instead of a database.  The question is always about security, btw ;)

-Javier

-----Original Message-----
From: Robert Cummings [mailto:[EMAIL PROTECTED] 
Sent: Sunday, November 09, 2003 5:54 PM
To: Javier Muniz
Cc: Teren; PHP-General
Subject: RE: [PHP] Executing shell commands


I did mention database as one of the solutions. The question wasn't about
security so I didn't elaborate.

Cheers,
Rob.

On Sun, 2003-11-09 at 16:45, Javier Muniz wrote:
> Ack! No no no no no! At least put something this critical in a 
> password protected database, not a place that could possibly be 
> written to by a malicious user that gains access to an easily-writable 
> directory like /tmp, the DoS and security ramifications of having a 
> system like this are huge. Be exceptionally careful, and never pretend 
> that /tmp is a safe place for data.  If something is being read from 
> /tmp then it should be treated the same way user-inputted data is, and 
> never trusted.
> 
> -Javier
> 
> -----Original Message-----
> From: Robert Cummings [mailto:[EMAIL PROTECTED]
> Sent: Sunday, November 09, 2003 12:47 AM
> To: Teren
> Cc: PHP-General
> Subject: Re: [PHP] Executing shell commands
> 
> 
> On Sun, 2003-11-09 at 03:41, Teren wrote:
> >
> > Hi, I'm trying to write a front end for something and I want to be
> > able to execute shell commands. I tried all of the pre-written 
> > functions and none of them would work. I set up a user that can sudo and 
> > then I set apache to run as that user. So, what I tried to do is 
> > shell_exec("sudo -s; reboot;"); but that didn't work, I also tried 
> > other numerous variations all of which didn't work (also using exec(), 
> > system(), passthru()). If anyone has any ideas how I can do this, 
> > please let me know. Thanks
> 
> I believe this has been answered quite recently and the large 
> consensus was to have a daemon (cron or otherwise) check for some 
> status file or database entry, which when set it would perform the 
> required function. So for instance to reboot the machine, perhaps a 
> cron job would check for the existence of /tmp/myFrontEnd/reboot and 
> if found reboot the machine. Thus the front end would only need to 
> create the file.
> 
> HTH,
> Rob.
> --
> .------------------------------------------------------------.
> | InterJinn Application Framework - http://www.interjinn.com |
> :------------------------------------------------------------:
> | An application and templating framework for PHP. Boasting  |
> | a powerful, scalable system for accessing system services  |
> | such as forms, properties, sessions, and caches. InterJinn |
> | also provides an extremely flexible architecture for       |
> | creating re-usable components quickly and easily.          |
> `------------------------------------------------------------'
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
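Added example, not part of the original thread: one way the cron-side watcher could treat the flag file as untrusted input, acting only if the file and its directory could have been written solely by the front end's account. The function names and the private spool directory are assumptions made for illustration.

```python
import os
import stat

OTHERS_CAN_WRITE = stat.S_IWGRP | stat.S_IWOTH

def trigger_is_trusted(path, owner_uid):
    """True only if the flag file and its directory could have been
    written solely by owner_uid (the front end's account)."""
    parent = os.path.dirname(os.path.abspath(path))
    try:
        d = os.lstat(parent)  # lstat: do not follow a symlink someone planted
        f = os.lstat(path)
    except OSError:
        return False          # missing file or directory: nothing requested
    # Anyone can pre-create a directory under /tmp, so check who owns it.
    if not stat.S_ISDIR(d.st_mode) or d.st_uid != owner_uid:
        return False
    if d.st_mode & OTHERS_CAN_WRITE:
        return False
    if not stat.S_ISREG(f.st_mode) or f.st_uid != owner_uid:
        return False
    return not (f.st_mode & OTHERS_CAN_WRITE)

def consume_trigger(path, owner_uid):
    """Validate the flag, remove it so it fires once, report whether to act."""
    if not trigger_is_trusted(path, owner_uid):
        return False
    os.unlink(path)
    return True

if __name__ == "__main__":
    import tempfile
    # Constructed demo: a private spool directory standing in for /tmp/myFrontEnd.
    spool = tempfile.mkdtemp()
    flag = os.path.join(spool, "reboot")
    open(flag, "w").close()
    os.chmod(flag, 0o600)
    print("act on request:", consume_trigger(flag, os.getuid()))
    os.chmod(spool, 0o777)            # now any local user could drop a flag
    open(flag, "w").close()
    os.chmod(flag, 0o600)
    print("act on request:", consume_trigger(flag, os.getuid()))
```

The privileged action itself is left to the caller; the watcher only decides whether the request is one it should honour.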