
Re: ping22: can not kill this process



Quoting Luis Mondesi (lemsx1@gmail.com):

> It's time to tell PHP (via php.ini) not to allow any of those
> functions that allow executing stuff from the system (system,
> passthru, whatever).

Amen to that.  Good starting point:
  disable_functions = system, exec, passthru, popen, escapeshellcmd, shell_exec

Looking at the typical php.ini is faintly terrifying, starting with the
almost invariably ignored warning comments at the top, saying these
settings are for development environments only, and should never be
exposed to public networks.

(I have various modest recommendations in "PHP" on
http://linuxmafia.com/kb/Security/ .)
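
A check for the setting recommended in the message above, added here as an example and not part of the original e-mail: it reads php.ini text and reports which of the six listed functions are absent from `disable_functions`. The helper names, the sample file and the last-assignment-wins handling are assumptions of this example.

```python
import re

# The functions named in the message above.
RECOMMENDED = ("system", "exec", "passthru", "popen", "escapeshellcmd", "shell_exec")

# Directive names in php.ini are case-sensitive, so match the name exactly.
_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def disabled_functions(ini_text):
    """Return the set of names on the effective disable_functions line."""
    effective = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop ';' comments, whole-line or trailing
        match = _DIRECTIVE.match(line)
        if match:
            # Assumption of this example: if the directive is repeated,
            # the last assignment is the one in effect.
            effective = match.group(1)
    if effective is None:
        return set()
    value = effective.strip().strip('"').strip("'")
    return {name.strip() for name in value.split(",") if name.strip()}


def missing_functions(ini_text, wanted=RECOMMENDED):
    """List the wanted functions that the ini text does not disable."""
    have = disabled_functions(ini_text)
    return [name for name in wanted if name not in have]


# Constructed sample for this example, not taken from a real host.
SAMPLE_INI = """\
[PHP]
;disable_functions = system, exec, passthru, popen, escapeshellcmd, shell_exec
disable_functions = system,exec , passthru   ; partial list
display_errors = On
"""

if __name__ == "__main__":
    gaps = missing_functions(SAMPLE_INI)
    print("not disabled:", ", ".join(gaps) if gaps else "none")
```

Run it against the php.ini that the web server SAPI actually loads, since the CLI and the web server often read different files.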

