Mailinglist Archive: opensuse-security (564 mails)

< Previous Next >
Re: [suse-security] system()/exec() within a PHP script
Hi,

On Sat, 6 Jan 2001 abarguia@xxxxxxxxxxxxxxxxxxxx wrote:

Within a php script the following line does nothing:

system ("/Absolute-path-to/convert -geometry 150x150
/Absolute-path-to/PHP_image.gif /path-to/PHP_scaledimage.gif")

Have you disabled safe_mode in your PHP Ini-file? If not you'll only be
able to Exec, System, PassThru and Popen Executables residing in
PHP_SAFE_MODE_EXEC_DIR which is a #define from php.h (hence set at compile
time).

You can either say "safe_mode = 0" (which will defeat some of the security
measures PHP provides) or simply edit/use PHP_SAFE_MODE_EXEC_DIR. You
better do the latter.

Thanks Sebastien for your answer.

I had already set safe_mode to off. I am aware about the security issues. I just wanted to test my script.

the command system ("ls -l") works fine, so I am wondering if the problem doesn't reflect a bug in PHP4.03pl1 or in a suse module

regards

cherif abarguia

< Previous Next >
Follow Ups
References