0
echo system("/usr/bin/whoami", $ret);
echo $ret;

PHP 4.3.9 on Apache 2.0.52, CentOS 4.5. Safe mode is off, I can run programs as the apache user account from the command line, but all programs run from PHP fail with exit code 127.

Zak
  • 1,157
  • 8
  • 15
  • Did you try calling php mywhoami.php from CLI? You probably access it through the browser. For me it works both ways. – GrGr Jun 26 '09 at 09:10
  • 1
    The shell (system() uses "/bin/sh -c ...") returns with exit code 127 when it can't find the command to be executed. – Milen A. Radev Jun 26 '09 at 13:50

1 Answers1

1
  • See if /usr/bin/whoami exists, and is executable (and readable, mode xx5) by anyone.
  • See php.ini on doc_root and user_dir, if those are set they can limit what you can execute.
  • If your Apache or PHP is chrooted, you need to put the application to execute into the chroot.
  • If there's some other security system or RBAC running on the machine, see dmesg or log files in /var/log/.
  • Don't forget to use &$ret instead of $ret.
  • See PHP's exec() and passthru(), different functions might work for different situations.
  • Know that there's a different php.ini for Apache, and a different one for cli use.