StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PORun executable from php without spawning a shell
primarykey
Id
16595044
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
32
CommunityOwnedDate
CreationDate
2013-05-16T18:42:18.963
FavoriteCount
5
LastActivityDate
2013-08-08T10:13:15.183
LastEditDate
2013-05-28T20:19:23.447
LastEditorUserId
1429390
OwnerUserId
1429390
ParentId
0
PostTypeId
1
Score
40
ViewCount
5551
LastEditorDisplayName
text
Body
I need to call an executable from an imposed context of a PHP script. Both performance and security wise it's better not to call a shell at all between web server process and executable. Of course I searched the web, without success (in such a PHP context). Many other languages allow that and document it clearly. Alas, backticks, <code>exec()</code>, <code>shell_exec()</code>, <code>passthru()</code>, <code>system()</code>, <code>proc_open()</code>, <code>popen()</code> call a shell. And <code>pcntl_fork()</code> seems unavailable. <h1>How to test if a function calls a shell or not.</h1> This was tested on a Debian 6 64bit with PHP 5.3.3-7+squeeze15 . Test code on <a href="http://pastebin.com/y4C7MeJz" rel="noreferrer">http://pastebin.com/y4C7MeJz</a> To get a meaningful test I used a trick which is to ask to execute a shell command not also available as an executable. A good example is <code>umask</code> . Any function returning something like 0022 definitely called a shell. <code>exec()</code>, <code>shell_exec()</code>, <code>passthru()</code>, <code>system()</code>, <code>proc_open()</code> all did. See detailed results on <a href="http://pastebin.com/RBcBz02F" rel="noreferrer">http://pastebin.com/RBcBz02F</a> . <h1>pcntl_fork fails</h1> Now, back the the goal : how to execute arbitrary program without launching a shell ? Php's exec takes as expected an array of string args instead of a unique string. But pcntl_fork just stops the requests without even a log. Edit: pcntl_fork failure is because the server uses Apache's mod_php, see <a href="http://www.php.net/manual/en/function.pcntl-fork.php#49949" rel="noreferrer">http://www.php.net/manual/en/function.pcntl-fork.php#49949</a> . Edit: added <code>popen()</code> to the tests, following @hakre suggestion. Any hint appreciated.
Tags
<php><performance><security><shell>
Title
Run executable from php without spawning a shell
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USStéphane Gourichon
UserOwnerUserId
1. USStéphane Gourichon
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PORun executable from php without spawning a shell
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PORun executable from php without spawning a shell
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PORun executable from php without spawning a shell
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.