Solved

inexplicable PHP behaviour(!?)

Posted on 2008-06-12
8
170 Views
Last Modified: 2013-12-13
i have a snippit of PHP code which refuses to do the biz and i cannot for the life of me see why...
there is a simple (bespoke) binary ('mybin') which has 755 permissions and which maps an input string to stdout, eg:  %  echo "my_string" | mybin > outfile  ... which works fine as a shell cmd...

now in my php script i coded both:
     exec("echo $string_var | mybin > outfile");
and
     exec("cat text.file | mybin > outfile");
... but each of these produce empty output files... i have plenty other 'exec's in my script which are fine... the darn' thing just seems to want to ignore 'mybin' (which was built on the host m/c)... i even tried restarting the apache httpds...  ...no comprendo...  


 

0
Comment
Question by:shallxrg
  • 5
  • 2
8 Comments
 
LVL 4

Expert Comment

by:afzz
ID: 21771543
Instead of exec try the following if it works. Also try putting the full path to echo & cat like /bin/cat
`echo $string_var | mybin > outfile`;

`cat text.file | mybin > outfile`;

Open in new window

0
 
LVL 9

Accepted Solution

by:
Rurne earned 125 total points
ID: 21771672
Where is 'mybin' saved at?  If you have anything like open_basedir or include_path in play and mybin is not in your DocumentRoot, you may simply not be able to see where the program is.
0
 

Author Closing Comment

by:shallxrg
ID: 31466614
thanks rurne... but see the comment i added for general view
cheers
roger
0
 

Author Comment

by:shallxrg
ID: 21776965
rurne's solution was 'correct'... i moved 'mybin' from '/bin' to the docroot directory, and bingo... however, i cannot understand why the shell() and backtick commands can cheerfully invoke other executable binaries from /bin (eg gunzip) and yet not the bespoke binary 'mybin' .... permissions were ok ... still don't understand!
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:shallxrg
ID: 21777165
this is quite possibly a nugget of info... i just discovered that the PHP shell() command WILL run my executable from /bin but ONLY if the binary is stripped(!!?!!)... (it will run it from the docroot directory whether or not it is stripped)

i simply did :  strip -s '/bin/mybin' and off she went....

WEIRD!
0
 

Author Comment

by:shallxrg
ID: 21778591
cancel that last post... i think i just got confused
0
 
LVL 9

Expert Comment

by:Rurne
ID: 21781039
I'd highly recommend checking your Apache configuration for any open_basedir or include_path directives.  Alternatively, you could be running in safe mode, which is not recommended (and deprecated in current versions of PHP for its bugginess).  That would be why you could access something from the command line and not from CGI or ISAPI mode.

HTH.
0
 

Author Comment

by:shallxrg
ID: 21785508
check.... thanks for the tip... i'll do that next i'm back in the office... today is saturday and SUNNY :-)
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now