shell_exec("zip.. ?

Sam Smith <php@xxxxxxxx> · Wed, 03 Aug 2005 19:19:58 -0700

shell_exec("zip -r ddd ddd"); // don't work

safe_mode off, works from command line php. What could it be?

Details:

drwxr-xr-x  2 zamzmith  zamzmith  512 Aug  3 18:34 execTest/
-rw-r--r--  1 zamzmith  zamzmith  107 Aug  3 18:33 mkdir.php

mkdir.php:
<?php
shell_exec("mkdir ddd; touch ddd/fff;");
?>

execTest$ php mkdir.php

execTest$ ls -l
drwxr-xr-x  2 zamzmith  zamzmith  512 Aug  3 18:36 ddd
-rw-r--r--  1 zamzmith  zamzmith  109 Aug  3 18:36 mkdir.php

#OK works from command line php

Let's delete ddd and have the web server run it:
http://dom.com/execTest/mkdir.php

Nope, probably permissions:

execTest$ chmod 777 ../execTest

Try again:
http://dom.com/execTest/mkdir.php

Yup.

Now let's see if we can delete it.
rm.php:
<?php
shell_exec("rm -r ddd");
?>

http://dom.com/execTest/rm.php

Yup, makes sense, user httpd created it.

Now let's zip it.
zip.php:
<?php
shell_exec("mkdir ddd; touch ddd/fff;");
shell_exec("zip -r ddd ddd");
?>

http://dom.com/execTest/zip.php

NOPE can't zip, must be something I don't know.

drwxrwxrwx  3 zamzmith  zamzmith  512 Aug  3 18:49 execTest/
drwxr-xr-x  2 httpd     zamzmith  512 Aug  3 18:49 ddd
-rw-r--r--  1 zamzmith  zamzmith  109 Aug  3 18:36 mkdir.php
-rw-r--r--  1 zamzmith  zamzmith  109 Aug  3 18:44 rm.php
-rw-r--r--  1 zamzmith  zamzmith  107 Aug  3 18:49 zip.php

Let's try it form the command line php:

Delete it first:
execTest$ curl http://ssmith.com/execTest/rm.php
execTest$ php zip.php

Yup:
drwxr-xr-x  2 zamzmith  zamzmith  512 Aug  3 19:10 ddd
-rw-r--r--  1 zamzmith  zamzmith  264 Aug  3 19:10 ddd.zip
-rw-r--r--  1 zamzmith  zamzmith  109 Aug  3 18:36 mkdir.php
-rw-r--r--  1 zamzmith  zamzmith  109 Aug  3 18:44 rm.php
-rw-r--r--  1 zamzmith  zamzmith  107 Aug  3 18:49 zip.php

Better check safe_mode anyway:

phpinfo.php:
<?php
phpinfo();
?>

execTest: php phpinfo.php | grep safe
safe_mode => Off => Off
safe_mode_exec_dir => no value => no value
safe_mode_gid => Off => Off
safe_mode_include_dir => no value => no value
sql.safe_mode => Off => Off
Supported ciphers => cast-128 gost rijndael-128 twofish arcfour cast-256
loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent
xtea blowfish enigma rc2 tripledes
safe_mode_allowed_env_vars => PHP_ => PHP_
safe_mode_protected_env_vars => LD_LIBRARY_PATH => LD_LIBRARY_PATH

Hours lost, any help,

Thanks

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php