Am I missing something about escapeshellarg

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I just posted the following at

"http://stackoverflow.com/questions/3481880/what-php-extensions-are-preferred-and-what-about-security-preferences/5223539#5223539";

Am I missing anything or are all these guides and hosts either not
disabling enough functions or disabling security aids to give warning
messages with dangerous results.

_________________________________________________________________________
"Why do so many hosts and guides disable escapeshell[arg|cmd] which are
security aids!!!! and leave shell_exec enabled.

Leads to opening up your servers to untrusted execution due to things
like this.

"http://www.silverstripe.org/hosting-requirements/show/10777";

The only thing I can think of is using it twice might cause problems
and safe mode used to be widespread and so would apply escapeshellcmd
automatically And now the hosts just copy configs blindly and in error
and don't understand and so trust the 100s of threads that say you
should do this.

Yeah, use it as reference, I'm looking at it, but don't trust it
because some "good" host uses it"
__________________________________________________________________________

Surely this matters more than removing safe mode despite defence in
depth because users believe it to be a safety blanket and may not also
use chroot and permissions etc.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux