Question about php.ini file.
I have disabled sensitive commands using the following line in php.ini
disable_functions = sytem, exec, shell_exec, passthru, popen, proc_open, proc_close
That way people can't do sensitive commands. However, it appears it works anyways...
system("cp -f /path/to/sensitive/info/file.txt /home/perpetrator/file.txt");
Yes, I know I could chmod 700 the info that is sensitive, but for reasons we don't need to go into it just won't work like that.
Am I making a syntax error in disable_functions that's making php ignore that line when php.ini is parsed on apache's startup?
(Yes, for the record I have restarted Apache using apachectl restart ;- )