I have done this now in the form of a patch and it follows the following
logic:
Just before php_escape_shell_cmd returns it calls a new function
'php_remove_escape_if_safe()'
This scans the shell command for any '|', '>' or '<' (called redirects
for the purpose of this message).
If the cmd contains '..' anywhere in the string, the function does
nothing.
If the text following the redirect starts with DOCUMENT_ROOT or
safe_mode_exec_dir then it is allowed (the preceding '' is set to
space).
Unless the redirect is '>' and the redirect starts with
safe_mode_exec_dir, to prevent overwriting or creation of execs in this
directory.
Is anyone interested in putting forward this idea as a general mod? -
This would help those of us running PHP on virtual servers.
I have also added a new keyword 'safe_mode_include_docroot' which acts
like 'safe_mode_include_dir', only it's dynamic and allows reading by
other uid's and gid's when the file(s) are beneath DOCUMENT_ROOT.
This also helps virtual servers.
-----Original Message-----
From: Jamison Charlesworth [mailto:jc@firststopinternet.com]
Sent: 08 May 2003 14:31
To: 'php-dev@lists.php.net'
Subject: php_escape_shell_cmd
Hi
I am thinking of making a mod to this to help people using scripts on my
virtual servers.
At present when in SAFE_MODE the pipe '|' and redirect '<' '>' entries
are escaped, and the reasons for this are well understood.
However, I am thinking that if the executable is in safe_mode_exec_dir
and the command being 'piped' to is also in the safe_mode_exec_dir then
this would be safe to allow.
Also, if a file being redirected via < or > is within the DOCUMENT_ROOT
then this should also be allowed.
Any views on this?
Regards, Jamie.
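
A minimal model of the rule set described in the reply above, added here as an example; it is not the patch from the message or PHP's own code. The function names, the sample paths, the backslash-before-metacharacter escape form and the trailing-separator check (stricter than the plain prefix match described) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: after optional spaces, does s name a path under dir?
   Requiring '/' after the prefix keeps "/var/www2" from matching "/var/www". */
static int under_dir(const char *s, const char *dir)
{
    size_t n = strlen(dir);
    while (*s == ' ')
        s++;
    return n > 0 && strncmp(s, dir, n) == 0 && s[n] == '/';
}

/* Model of the described rules, applied to an already-escaped command.
   Returns how many escaped '|', '<' or '>' had their escape removed. */
int remove_escape_if_safe(char *cmd, const char *docroot, const char *exec_dir)
{
    int changed = 0;

    if (strstr(cmd, "..") != NULL)
        return 0;                      /* ".." anywhere: leave all escapes */
    for (char *p = cmd; p[0] != '\0' && p[1] != '\0'; p++) {
        if (p[0] != '\\')
            continue;
        char op = *++p;                /* the escaped character */
        if (strchr("|<>", op) == NULL)
            continue;
        int in_exec = under_dir(p + 1, exec_dir);
        int in_root = under_dir(p + 1, docroot);
        if (op == '>' && in_exec)
            continue;                  /* no writes into safe_mode_exec_dir */
        if (in_exec || in_root) {
            p[-1] = ' ';               /* escape character becomes a space */
            changed++;
        }
    }
    return changed;
}

int main(void)
{
    /* Constructed sample: paths are illustrative only. */
    char cmd[] = "/safe/bin/gen \\> /var/www/out.txt";
    int n = remove_escape_if_safe(cmd, "/var/www", "/safe/bin");
    printf("%d: %s\n", n, cmd);
    return 0;
}
```

The check is purely textual: a symlink beneath DOCUMENT_ROOT still resolves elsewhere, so prefix matching on the command string does not confine the file that is actually opened.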