Question about php.ini file.
I have disabled sensitive commands using the following line in php.ini
disable_functions = sytem, exec, shell_exec, passthru, popen, proc_open, proc_close That way people can't do sensitive commands. However, it appears it works anyways... <?php echo getcwd(); system("cp -f /path/to/sensitive/info/file.txt /home/perpetrator/file.txt"); ?> Yes, I know I could chmod 700 the info that is sensitive, but for reasons we don't need to go into it just won't work like that. --- Am I making a syntax error in disable_functions that's making php ignore that line when php.ini is parsed on apache's startup? (Yes, for the record I have restarted Apache using apachectl restart ;- ) |
All times are GMT -5. The time now is 04:10 AM. |