Date: Tue, 26 Jul 2005 12:59:20 -0400 From: Adam Jacob Muller <adam@oxeo.com> To: Thomas Krause <freebsd-isp@chef-ingenieur.de> Cc: freebsd-isp@freebsd.org, David Hogan <david@fundamentalit.com>, "'Gustavo A. Baratto'" <gbaratto@superb.net> Subject: Re: preventing a user to start a process Message-ID: <6B57C9BC-0815-4854-996A-F6AD3765DFEB@oxeo.com> In-Reply-To: <42E66986.4080004@chef-ingenieur.de> References: <42E66986.4080004@chef-ingenieur.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Pretty much the only "secure" option is to either A. run in a chroot jail B. run with any writable directories mounted noexec or if your really paranoid, do both Adam On Jul 26, 2005, at 12:49 PM, Thomas Krause wrote: > > > David Hogan schrieb: > >>> -----Original Message----- >>> From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd- >>> isp@freebsd.org] >>> On Behalf Of Thomas Krause >>> >> >> >>> I've searched all php-files for the system()-funktion - it's not >>> possible for me do disable this function. >>> >> Can't you just use the 'disable_functions =' option in php.ini to >> disable >> the php functions that can be used to spawn processes ? >> You could use it to disable at least the following functions: >> system() >> exec() >> passthru() >> popen() >> pcntl_exec() >> shell_exec() >> > > Unfortunately, that is not possible. E.g. typo3 calls Imagemagick, > so I need system(). > > Regards, > Thomas. > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6B57C9BC-0815-4854-996A-F6AD3765DFEB>