Em Terça 24 Abril 2007 10:07, Tijnema ! escreveu:
> On 4/23/07, Davi <davividal@xxxxxxxxxxxxxxxx> wrote:
> > Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu:
> > > On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote:
> > > > <?php $MAC = system("arp 192.168.200.254"); echo $MAC; ?>
> > > > does not give me any
> > > > output. I have copied arp to a place that the apache user can execute
> > > > from and ensured arp is executable.
> > >
> > > Use exec and the extra args to get error codes.
> >
> > ARP is a root-command... =]
>
> Ok, maybe it's because i've builded my own Linux, and didn't wanted to
> have any security, but /sbin/arp has chmod value 755 on my system, and
> so, i can execute it with any user.
>
cheatter... =P
> > > Can you run 'arp' and get what you want from command line?
> >
> > As web-user? No.
>
> i can :)
>
cheatter... =P
> > > Can you 'su' to PHP user and *then* run it and get what you want?
> >
> > Hum... Not at all... You need to enter the root password... How can you
> > do that?
> > sudo sounds a little better... But... How about security?
>
> Hmm, that would mean that you have to store your root password in your
> PHP script ... I don't prefer that, maybe you could use it on a
> development server, but don't use it on production server ;)
>
Yes... You store your root pwd in your script then:
<?php
$root_pwd="123456";
echo system("su - -c arp");
?>
$ su - -c arp
Password:
How you'll type your root pwd? =P
> > > If not, you can't do that.
> >
> > And with a shell-script outputting the MAC to a .txt temp file, reading
> > it from the PHP script?
#!/bin/bash
if [ ! $# -eq 1 ]; then
echo "Usage: $0 target_ip";
exit;
fi;
MAC_ADDR=`sudo arp | grep $1 | cut -d" " -f18`
echo ${MAC_ADDR} > /your/html/pub/dir/mac_temp.txt
<?php
$mac=file("mac_temp.txt");
foreach($mac_addr as $mac){
echo $mac_addr;
}
?>
> >
> > BTW, have a look at suPHP [1]... =]
> >
> > [1] - http://www.howtoforge.com/suphp_debian_etch_ispconfig
>
> That's really a big job to install :(
Yeah!! =P
--
Davi Vidal
davividal@xxxxxxxxxxxxxxxx
davividal@xxxxxxxxx
--
"Religion, ideology, resources, land,
spite, love or "just because"...
No matter how pathetic the reason,
it's enough to start a war. "
Attachment:
pgpYw6SbLQhlX.pgp
Description: PGP signature
