From owner-freebsd-isp@FreeBSD.ORG  Tue Jul 26 17:01:05 2005
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 30D1D16A41F
	for <freebsd-isp@freebsd.org>; Tue, 26 Jul 2005 17:01:05 +0000 (GMT)
	(envelope-from adam@oxeo.com)
Received: from mx1.oxeo.com (mx1.oxeo.com [66.230.153.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D6BC743D45
	for <freebsd-isp@freebsd.org>; Tue, 26 Jul 2005 17:01:04 +0000 (GMT)
	(envelope-from adam@oxeo.com)
Received: from mx1.oxeo.com (localhost.oxeo.com [127.0.0.1])
	by mx1.oxeo.com (Postfix) with ESMTP id 5C30984413;
	Tue, 26 Jul 2005 12:24:06 -0500 (EST)
Received: from [192.168.1.192] (newyork.oxeo.com [216.254.67.171])
	by mx1.oxeo.com (Postfix) with ESMTP id B66D384412;
	Tue, 26 Jul 2005 12:24:05 -0500 (EST)
In-Reply-To: <42E66986.4080004@chef-ingenieur.de>
References: <42E66986.4080004@chef-ingenieur.de>
Mime-Version: 1.0 (Apple Message framework v730)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <6B57C9BC-0815-4854-996A-F6AD3765DFEB@oxeo.com>
Content-Transfer-Encoding: 7bit
From: Adam Jacob Muller <adam@oxeo.com>
Date: Tue, 26 Jul 2005 12:59:20 -0400
To: Thomas Krause <freebsd-isp@chef-ingenieur.de>
X-Mailer: Apple Mail (2.730)
Cc: freebsd-isp@freebsd.org, David Hogan <david@fundamentalit.com>,
	"'Gustavo A. Baratto'" <gbaratto@superb.net>
Subject: Re: preventing a user to start a process
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2005 17:01:05 -0000

Pretty much the only "secure" option is to either
A.    run in a chroot jail
B.    run with any writable directories mounted noexec
or if your really paranoid, do both

Adam


On Jul 26, 2005, at 12:49 PM, Thomas Krause wrote:

>
>
> David Hogan schrieb:
>
>>> -----Original Message-----
>>> From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd- 
>>> isp@freebsd.org]
>>> On Behalf Of Thomas Krause
>>>
>>
>>
>>> I've searched all php-files for the system()-funktion - it's not
>>> possible for me do disable this function.
>>>
>> Can't you just use the 'disable_functions =' option in php.ini to  
>> disable
>> the php functions that can be used to spawn processes ?
>> You could use it to disable at least the following functions:
>> system()
>> exec()
>> passthru()
>> popen()
>> pcntl_exec()
>> shell_exec()
>>
>
> Unfortunately, that is not possible. E.g. typo3 calls Imagemagick,  
> so I need system().
>
> Regards,
> Thomas.
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>