How do I prevent PHP from executing shell commands?

Solution 1

You may want to look at the open_basedir config parameter. Not really an answer to your question, but it is related. It's a good idea to set a basedir per site like "/var/www/site:/usr/share/php:/tmp". (The /usr/share/php can be different on each machine).

To really answer your question: you can also put this in a .htaccess:

<Files *.sh>
  ForceType 'text/plain; charset=UTF-8'
</Files>

Solution 2

Apache, on its own, cannot "execute" bash scripts or commands. I think the question you're really asking is, "How can I prevent PHP from executing shell commands?".

Unfortunately the other two answers here are incorrect and provide inadequate solutions to accomplish this.

open_basedir only affects what files can be opened by PHP, e.g. through fopen(). You can test that shell commands can still be executed using this trivial code:

<?php
ini_set('open_basedir', '/tmp');
system('ls');

To truly restrict what shell commands can be executed by PHP you must utilize safe mode. You should be aware however that safe mode is deprecated in PHP 5.3 and will certainly be removed in a future version. Enabling safe mode restricts the access to a number of "unsafe" functions, notably exec(), system(), and passthru().

However, again you should be aware that the use of safe mode is highly discouraged.

Once safe mode is removed, you will no longer possess the means to restrict what commands can be executed by PHP.

Solution 3

You can disable access to specific functions in PHP using the disable_functions directive in php.ini, e.g.:

disable_functions = exec,system,print

Alternatively if you want to prevent PHP from editing the contents of other text files (as stated in your comment) you can protect them with file system permissions - make it so the webserver user (or the user that PHP executes as) doesn't have write permission to the files.

ref:

http://www.cyberciti.biz/faq/linux-unix-apache-lighttpd-phpini-disable-functions/

http://www.webhostgear.com/319.html
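
As an added example (not code from any of the answers above), here is a small PHP audit script that checks whether the disable_functions approach from Solution 3 covers PHP's program-execution functions on a given server. The function list and the helper name audit_shell_functions are this example's own choices, not a complete or official list.

```php
<?php
// Added example: report which program-execution functions are still callable.
// The list is this example's assumption; extend it to match your own policy.
const SHELL_FUNCTIONS = [
    'exec', 'system', 'passthru',
    'shell_exec',            // also backs the backtick operator
    'popen', 'proc_open',
    'pcntl_exec',            // only present when the pcntl extension is loaded
];

/** Returns [function name => 'CALLABLE' | 'disabled' | 'not loaded']. */
function audit_shell_functions(array $names = SHELL_FUNCTIONS): array
{
    // disable_functions is a comma-separated list that only php.ini can set.
    $raw = (string) ini_get('disable_functions');
    $disabled = array_filter(array_map('trim', explode(',', $raw)));

    $report = [];
    foreach ($names as $name) {
        // function_exists() returns false for functions that were disabled
        // through disable_functions, so it reflects the effective state.
        if (function_exists($name)) {
            $report[$name] = 'CALLABLE';
        } elseif (in_array($name, $disabled, true)) {
            $report[$name] = 'disabled';
        } else {
            $report[$name] = 'not loaded';
        }
    }
    return $report;
}

$report = audit_shell_functions();
foreach ($report as $name => $status) {
    printf("%-12s %s\n", $name, $status);
}

// A non-zero exit status lets a deployment check fail if anything is callable.
exit(in_array('CALLABLE', $report, true) ? 1 : 0);
```

Run it through the same SAPI that serves the site, since the command-line PHP binary often loads a different php.ini than the web server does.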

Author: B14D3

Updated on September 17, 2022

Comments

  • B14D3
    B14D3 over 1 year

    How do I prevent Apache from executing bash scripts, so that no PHP script can execute a command in bash (for example, a command that will add links to my PHP and HTML files)? Is there a way to do that?

    EDIT: I had in mind any bash command, not only .sh files.

    • hobodave
      hobodave over 13 years
      This question should be "How do I prevent PHP from executing shell commands?"
  • B14D3
    B14D3 over 13 years
    Maybe I asked in the wrong way... it's about all commands in bash, not only bash scripts in .sh files.
  • Halfgaar
    Halfgaar over 13 years
    I'm guessing you just mean system commands, like /bin/rm? Use open_basedir to restrict access.
  • B14D3
    B14D3 over 13 years
    I want to prevent PHP scripts from adding, editing, or deleting text (links) in other PHP and HTML files.
  • hobodave
    hobodave over 13 years
    This answer is incorrect. open_basedir does not prevent execution of bash commands. Readers would be wise to not follow this advice.
  • Halfgaar
    Halfgaar over 13 years
    That's why I said it wasn't really the answer to his question...