Alternatives to exec() or passthru()?

Cryo

Joined: 2004-10-08
Posts: 13

Posted: Thu, 2004-11-18 16:45

Hello, my previous webhost ninja-disabled gallery on all it's servers. Why? Apparently, the exec() function that gallery uses is a security flaw for linux servers. Via exec() function any linux command can be executed and poses a great risk to the server and hence been disbaled. It was suggested that you can bypass this with the passthru() function, but that does exactly the same thing as exec(), posing the same risk. The admins said that someone can run a script posing as user "nobody" causing great risk. It seems that a few more webhosts have adopted this as well (i've gone through two hosts already...). My suggestion would be to find a way to get around from using the exec() function for Gallery 2. This way, hosts won't be so paranoid about us commonfolk who just want to post our pictures.

h0bbel

Joined: 2002-07-28
Posts: 13451

Posted: Thu, 2004-11-18 17:23

Gallery 2 has a GD module that can be used even if exec() and it's "brothers" are disabled. GD has to be compiled into PHP though, but that has been standard for quite some time now.

signe

Joined: 2003-07-27
Posts: 2322

Posted: Thu, 2004-11-18 18:17

Cryo, your webhost is paranoid and from the sound of things, shouldn't really be in the webhosting business. A properly configured webserver, especially if it is intentionally configured for multi-user webhosting, should have no security issues with allowing users to use exec() or passthru(). Web hosting services which restrict those functions are just too lazy to configure their servers.

h0bbel's correct about G2, however. GD support has already been added, however in my own experience, GD is much slower than using NetPBM or ImageMagick via exec(), and it must be specifically enabled in PHP.

Cryo

Joined: 2004-10-08
Posts: 13

Posted: Fri, 2004-11-19 21:49

hehe, yeah, i cancelled my account. they had horrible service too. Thanks for the input guys, i knew it couldn't be such a huge security issue

Kuma

Joined: 2002-11-28
Posts: 8

Posted: Mon, 2004-11-29 22:33

Never use Hosting-pp.com webhosting service. This web hosting is so terrible that it is just not worth the time and effort fighting these morons on the most simple tasks.

Cryo Joined: 2004-10-08 Posts: 13	Posted: Thu, 2004-11-18 16:45
	Hello, my previous webhost ninja-disabled gallery on all it's servers. Why? Apparently, the exec() function that gallery uses is a security flaw for linux servers. Via exec() function any linux command can be executed and poses a great risk to the server and hence been disbaled. It was suggested that you can bypass this with the passthru() function, but that does exactly the same thing as exec(), posing the same risk. The admins said that someone can run a script posing as user "nobody" causing great risk. It seems that a few more webhosts have adopted this as well (i've gone through two hosts already...). My suggestion would be to find a way to get around from using the exec() function for Gallery 2. This way, hosts won't be so paranoid about us commonfolk who just want to post our pictures.
	XUser login Username: * Password: * Create new account Request new password
h0bbel Joined: 2002-07-28 Posts: 13451	Posted: Thu, 2004-11-18 17:23
	Gallery 2 has a GD module that can be used even if exec() and it's "brothers" are disabled. GD has to be compiled into PHP though, but that has been standard for quite some time now.

signe Joined: 2003-07-27 Posts: 2322	Posted: Thu, 2004-11-18 18:17
	Cryo, your webhost is paranoid and from the sound of things, shouldn't really be in the webhosting business. A properly configured webserver, especially if it is intentionally configured for multi-user webhosting, should have no security issues with allowing users to use exec() or passthru(). Web hosting services which restrict those functions are just too lazy to configure their servers. h0bbel's correct about G2, however. GD support has already been added, however in my own experience, GD is much slower than using NetPBM or ImageMagick via exec(), and it must be specifically enabled in PHP.

Cryo Joined: 2004-10-08 Posts: 13	Posted: Fri, 2004-11-19 21:49
	hehe, yeah, i cancelled my account. they had horrible service too. Thanks for the input guys, i knew it couldn't be such a huge security issue

Kuma Joined: 2002-11-28 Posts: 8	Posted: Mon, 2004-11-29 22:33
	Never use Hosting-pp.com webhosting service. This web hosting is so terrible that it is just not worth the time and effort fighting these morons on the most simple tasks.

Alternatives to exec() or passthru()?

XUser login