1

I want to run a command line program with a PHP script. What are the security issues of doing this on a VPS?

I've heard a lot that this is not secure, but I want to know how exactly. Also, what will be the best way to run the command then?

EDIT: I want to run cutycapt (a screenshot tool) along with xvfb-run (virtual window). So it will require privileges.

Ankit

3 Answers

2

Allowing your script to run command-line tools may or may not be secure. It depends greatly on what you are doing.
Consider the following two scenarios:

  1. A script that runs ls /tmp and displays the output
    This is probably fine. You may have an information leak (someone hitting the page knows the contents of /tmp on the server, which may give them ideas on how to bypass your security).

  2. A script that greps for a user-specified string in a file
    This is probably NOT fine: The script will call something like system("grep $user_string /some/file"), and a creative attacker can figure out what it's doing, insert an extra ; into the $user_string bit, and then run arbitrary code as the web server's user.

There are mitigating steps you can take to deal with (2) above (PHP has escapeshellarg() and escapeshellcmd() to help you out), but the bottom line is any time you allow a web application to execute commands you open yourself up for command injection attacks, and you need to thoroughly plan, audit and secure your code (including the command you're calling) to make sure you don't leave yourself open to attack.

If what you are trying to do can be accomplished with (securely-written) native PHP that's almost always a better option for both speed and security.

voretaq7
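The grep scenario from the answer above, as an added example that is not part of the original answer: the command string it warns about next to an escaped form and a shell-free form. The function names, the sample input and the temporary file are constructed for illustration; it assumes PHP 7.4 or later and a `grep` on the PATH.

```php
<?php
// Added example. /some/file and $user_string come from the answer; the
// function names and the sample input below are constructed for illustration.

// The form the answer warns about: user input is pasted into a shell command line.
function build_unsafe(string $user_string): string
{
    return "grep $user_string /some/file";
}

// Same command with the input quoted as exactly one argument.
// -F: fixed string, not a regex; -e: pattern may start with '-';
// --: everything after it is a file name, never an option.
function build_escaped(string $user_string): string
{
    return 'grep -F -e ' . escapeshellarg($user_string) . ' -- /some/file';
}

// No shell at all: with an array, proc_open() (PHP 7.4+) executes the program
// directly, so shell metacharacters in $user_string have no special meaning.
function run_grep(string $user_string, string $file): array
{
    $argv = ['grep', '-F', '-e', $user_string, '--', $file];
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start grep');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $out];
}

$input = 'alice; id';   // constructed input containing a shell separator

// Only printed, never executed: a shell would split the first line at ';'.
echo build_unsafe($input), "\n";
echo build_escaped($input), "\n";

// Run the shell-free variant against a constructed sample file.
$tmp = tempnam(sys_get_temp_dir(), 'grepdemo');
file_put_contents($tmp, "alice\nbob\nalice; id\n");
[$status, $out] = run_grep($input, $tmp);
unlink($tmp);
echo "exit=$status matched=", json_encode($out), "\n";
```

Escaping only protects against the shell; the called program still interprets its arguments, which is why the fixed-string flag and the `--` separator are part of the hardened forms.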
0

To run things under Apache, including via PHP, with privilege, there seems to be some agreement that passwordless sudo is the right tool.

how do i perform root actions from non-root account? is an earlier answer of mine that discussed this in more detail and gives examples, which seems to have received some approval.

MadHatter
0

What I would suggest is to write up a shell script that includes any and all commands that need to be run. So PHP would not be running the command directly, but rather using the wrapper script to accomplish what is required. Further, you could use sudo and edit sudoers as necessary to help you run commands that need higher privileges.

Gaumire