Is it possible to whitelist command/programs to be used by shell_exec?
Hi, I'd like to enable the 'shell_exec' function for PHP sites running on my server, however, I only want it to be used for zipping folders and files.
I'm afraid removing shell_exec from disable_functions would open up too many potential risks, so I'd like to let users use shell_exec but only for zipping/compressing folders as using the binary is considerably faster than using something like php's ZipArchive.
My server has CloudLinux installed, if it helps.
If that's not possible, how are hosts enabling the use of the shell_exec function without compromising their servers' security?
Thanks
-
My server has CloudLinux installed, if it helps.
Hello, I believe shell_exec is safe when using CageFS, according to this thread on the CloudLinux forums: shell_exec + cloudlinux + cagefs Thank you.0 -
Hello, I believe shell_exec is safe when using CageFS, according to this thread on the CloudLinux forums: shell_exec + cloudlinux + cagefs Thank you.
Thanks. So that would protect the server in general by preventing users from leaving their jail, but would that prevent someone to use, say `wget` from shell_exec to download potential harmful files?0 -
but would that prevent someone to use, say `wget` from shell_exec to download potential harmful files?
Could you provide an example of a harmful file or a specific action such a file would take? Thank you.0 -
Thanks. So that would protect the server in general by preventing users from leaving their jail, but would that prevent someone to use, say `wget` from shell_exec to download potential harmful files?
- So that would protect the server in general by preventing users from leaving their jail yes. - would that prevent someone to use, say `wget` from shell_exec to download potential harmful files no, probably not.0
Please sign in to leave a comment.
Comments
4 comments