Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts

    checking safe mode and shell exec

    Hi i put this together out of what i found on the net and modified it for me, but im not 100 percent sure its correct, im pretty sure my shell is enabled i ask for it to be when i got my host. So wanted to do this check to be sure.

    It is giving results and there are not errors that i know of, but Its not giving me the results as far as on off 1 or 0 that i expect to see thinking that
    it should be enabled, its showing its not enabled, so i thought i would ask here to make sure this is correct.

    PHP Code:

    //php function

    function is_exec_available() 
    {
     
    // is safe mode on or off
     
    if ( $safe_mode ini_get'safe_mode' ) && strtolower$safe_mode ) != 'off' )
     {
     
    $issafemode on;
     }else{
           
    $issafemode off;
            }
    //close else
     
    // Is shell_exec disabled
     
    if ( in_array'exec'array_map'trim'explode','ini_get'disable_functions' ) ) ) ) )
     {
     
    $shelldisabled false;
     }else{
            
    $shelldisabled true;
             }
     
       
    //this is to just to double check shell a dif way
        //this returns true if shell exec is enabled
     
      
    $disabled explode(', 'ini_get('disable_functions'));
      
    $doublecheck = !in_array('exec'$disabled);
     
    // show results

    echo "is safe mode on (on or off): ".$issafemode;
     echo 
    "<br />";
     echo 
    "is shell disabled (1 yes - 0 no):".$shelldisabled;
     echo 
    "<br />";
     echo 
    "double check shell (1 off - 0 on):".$doublecheck;
     echo 
    "<br />";
     echo 
    "complete";
     
    }
    //close function
     
    is_exec_available(); 
    here are the results:

    is safe mode on (on or off): off
    is shell disabled (1 yes - 0 no):1
    double check shell (1 off - 0 on):1
    complete


    Also before i go and turn this on (if it is off) i am unable to find any real docs that tell me two things. I found some docs but they just go over commands not explain what this is exactly.
    A. what exactly is shell_exec and what does it to
    B. how to enable it securely.

    thanks
    Last edited by durangod; 01-08-2013 at 12:14 AM.

  • #2
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts
    I probably should have posted this in the Apache section. If a mod agrees you can move it if you like

    Thanks.

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    This isn't an apache issue.
    Safe mode should be checked against true/false as well as on/off. This is an unfortunate instance of using php_value setting from httpd.conf or .htaccess. Otherwise it should always be a boolean.
    PHP Code:
    if ($sm ini_get('safe_mode'))
    {
        if (((
    is_int($sm) || is_bool($sm)) && $sm == 1) || (is_string($sm) && strcasecmp($sm'on') == 0))
        {
            
    $issafemode true;
        }

    I don't think there is an easier way to do that one. It looks to me that it will work and covers int, boolean, and the possible string pushed by the httpd, but I can't verify atm since I don't want to install a < 5.4 environment to verify.

    You can check disabled functions easier using reflection:
    PHP Code:
    $sFunc 'exec';
    $rf = new ReflectionFunction($sFunc);
    printf('Function %s is disabled? %d' PHP_EOL$sFunc$rf->isDisabled()); 
    Edit:
    Oops missed that you had another question here.
    shell_exec is similar but it captures all the program output. The exec only returns the last line of the command. You can give it an array for the second parameter to give you each line of the output as well.
    To help secure it you use the escapeshellcmd and escapeshellarg functions. Use carefully since if safe_mode is enabled (gone as of 5.4 as well), it will automatically call escapeshellcmd prior to executing.
    To really secure it, don't use it. If you have to use it, than limit what input it allows. You'll be quite safe if you do not allow user provided input. Otherwise, you escape it same as you do with MySQL's real_escape_string functions.
    Last edited by Fou-Lu; 01-10-2013 at 01:57 AM.

  • Users who have thanked Fou-Lu for this post:

    durangod (01-10-2013)

  • #4
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts
    Thanks Fou-Lu,

    I did find out that shell_exec just allows you to gather some system information but i dont know if it is safe to enable since it is disabled by default in most cases.

    Is shell_exec safe to enable?

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Quote Originally Posted by durangod View Post
    Thanks Fou-Lu,

    I did find out that shell_exec just allows you to gather some system information but i dont know if it is safe to enable since it is disabled by default in most cases.

    Is shell_exec safe to enable?
    Its not less safe than exec or proc commands IMO if that helps. I typically have at least one system access method available (usually exec), so that I can use it to execute mysqldump utilities or whatever backup stuff I'm doing. Otherwise, I don't allow any user provided input into an system call.

  • #6
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts
    Yeah thanks, i dont even have access to the code i am using it thru whmcs for client side server status output. They tell me the only way to get the client side display of server load and uptime is to enable exec.

    That side of the process is in an encrypted file so i cant see the process but im confident since they are the pro's and they are telling me i need to use that then they know to use the escapeshellcmd and escapeshellarg functions. I would hope so anyway. (crossing my fingers here)


    I just have to convince my host that its safe is all.

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Escapes are only needed if you actually allow input from a user. If you don't need input from a form or anything user provided, than you can hardcode in the commands without the escapes.

  • #8
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts
    OH OK so it really is just like the real_escape_string function cool. All they do is click a text link for server status and it shows them the status fields so no input at all.

    Thanks so much, really apprecaite it.

  • #9
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts
    See the whole deal here is that it shows on the admin side but not the client side so here is my idea if my host will not enable exec.

    Call the admin file thru ajax which displays

    0.42 68 Days 09:32:16 5.3.15 5.1.66 2.3.0

    as output when i run the file direct in the browser.

    Then create an array using explode and space as a delimeter and then since i do happen to have access to the tpl file i can just grab the item i want and display it in the template output in essence bypassing the client side display process and using the admin output (which does not need exec).

    How does that sound, sounds like it will work to me...

  • #10
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,441
    Thanks
    274
    Thanked 32 Times in 31 Posts
    well i got the ajax written and i got the auto form submit done with javascript and i have the output data stored in php.

    The issue im having is that this is the array output

    Array ( [0] => 0.42 68 [1] => Days

    and between the 42 and 68 i put some spaces for the explode but its not seeing them.

    it needs to split the element like this

    Array ( [0] => 0.42 [1]=> 68 [2] => Days

    I dont know why its not seeing the space between 42 and 68 which are as $load and $days. I built some spaces into $days itself to make sure it had leading spaces to test and still did not split it up..

    So im kinda puzzled on this one.


    UPDATE: looks like i got bigger issues than this, could not figure out why it was not changing even when i did the : as the delimeter and so in my testing i decided to just comment out all the output in the file to see if that affected it and it still show output so even thought im running that corrrect file and i have cleared my dns cache and browser cache im still showing output so somehow this file must be pulling it from somewhere else, but then why do they have all the echo's in the file, really strange.

    Ill be back when i figure this out grrrr..


    ANOTHER UPDATE: Yayyyyyy i got it


    Array ( [0] => 0.20 [1] => 68 Days [2] => 13 [3] => 39 [4] => 52 5.3.15 5.1.66 2.3.0 )

    the problem was i had to close all the browsers, and run ccleaner and then flush my dns cache manauly, i HATE cacheing it has cost me tons and tons of time trying to build something and refreshing the page, and i cant just log off every 20 min, i hate cache... grrrrrr
    Last edited by durangod; 01-10-2013 at 06:59 AM.

  • #11
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    You can typically force any non-cache call by appending a random querystring to the request.
    If you have a constant format: f i s i:i:i s s s you can use things like sscanf to pull it apart.
    PHP Code:
    $s '0.42 68 Days 09:32:16 5.3.15 5.1.66 2.3.0';
    $a sscanf($s'%f %d %s %d:%d:%d %s %s %s'); // can group the last sets using %[^$]s instead
    print_r($a); 
    This pulls out more than you have here, but I think it may be more worthwhile to do so. I don't know what this string represents, but it looks like maybe a load average, the uptime (day,month,year,etc) and time, and then three separate strings which I don't know what they mean. It may be easier to reassemble it into what it does mean in separate pieces (days may say years perhaps?) than leave it to its own string.
    Regex would be the next easiest way to split it up since its more flexible in what you can do with it.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •