php's exec function

Dear Experts,

I have a php page which uses the following line:

exec("sh", $retval);

I have in the same directory as my php page,  How do I make safe?  What permissions should it be set too?

Who is Participating?
As you don't use input data from the user:
exec("sh", $retval);

 this should be reasonably safe. If you intend to in the future, this would be a major point to think about.

All depends on what your script does, and how safe this script is in itself (even indirect threats - overusage/DoS?).
 You should use the minimal permission set that works for you. Maybe:
chmod 0500
would suffice, depends on your server config (if not, try chmod 0550

It would be probably good to avoid listing the content of the script to the outside world (.htaccess, permissions, moving it out of web root?).
narmi2Author Commented:
The script downloads a file from the internet, processes it to create another file based on the original downloaded file, then deletes the original downloaded file.
In this case it wouldn't hurt to move the script and all the processing (temp files) out of your website directory if it's feasible.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.