
Are shell commands considered a legitimate programming interface? Specifically, is there anything wrong with executing bash shell commands on a Linux application server from PHP pages or CGI files? Does this introduce efficiency or security issues?

Thanks

Yarin

2 Answers


Sometimes OK, but...
Sometimes it's the best way to solve a problem.

But possible issues are:

Security

Look out for code injection if you aren't doing taint checking.

Performance

Running shell commands will involve forking the PHP interpreter and executing complex and relatively slow system calls. This is OK for a lightly loaded server but won't work for a busy site.

Synchronization

Ensuring that things happen in the right order avoids well-known problems called lost updates, dirty reads, and incorrect summaries. While shell commands are not by themselves a cause of any of these things, running them asynchronously can be, and increasing the complexity of your system will make it harder to analyze.

DigitalRoss
  • Sure. To process an image with ugly GD would be Ok, and with swift external imagemagick would be slow, haha – Your Common Sense Dec 26 '10 at 23:47
  • Using an external ImageMagick may well be superior from a memory usage standpoint as well, as processing images internally can explode the memory footprint of web servers, in fact, I've seen that happen. I did say that "sometimes it's the best way to solve a problem". – DigitalRoss Dec 26 '10 at 23:51
  • another example will be ffmpeg, not sure how to survive without shell – ajreal Dec 26 '10 at 23:54
  • Good points here- thanks. Where can I go to learn more about taint checking in this scenario? – Yarin Dec 27 '10 at 00:16
  • In the case of ImageMagick it can also be *necessary* to call the command line version since not all features of the various commands actually work from all languages. – sorpigal Dec 27 '10 at 16:52
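A concrete illustration of the injection point the answer warns about, added here as an example and not code from the original answer or comments. It takes the ImageMagick `convert` case from the comments and assumes (hypothetically) that the file name arrives straight from the HTTP request and that `uploads/` and `thumbs/` exist; the function names `unsafeCommand`, `validateName`, `escapedCommand` and `resizeNoShell` are made up for this example. It shows the vulnerable command string, a taint check plus `escapeshellarg()` for the case where you must go through the shell, and `proc_open()` with an array argv (PHP 7.4+), which skips the shell entirely:

```php
<?php
declare(strict_types=1);

// Added example; not code from the original answer. Assumptions (hypothetical):
// an uploaded image is resized with ImageMagick's `convert`, the file name
// comes straight from the HTTP request, and uploads/ and thumbs/ exist.

// 1. VULNERABLE: the request value is pasted into a shell command line that
//    would then be handed to shell_exec(). A "file name" such as
//      x.png; id > /tmp/pwned
//    terminates the convert command and runs whatever follows it. This is
//    the code injection the answer warns about when input is not taint-checked.
function unsafeCommand(string $name): string
{
    return "convert uploads/$name -resize 200x200 thumbs/$name";
}

// 2. Taint check: allowlist a plain base name with a known image extension.
//    This also rejects path traversal ("../") and a leading "-", which
//    convert would otherwise parse as an option.
function validateName(string $name): string
{
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.(png|jpe?g|gif)\z/', $name)) {
        throw new InvalidArgumentException("rejected file name: $name");
    }
    return $name;
}

// 3. HARDENED, still via the shell: validate, then quote each untrusted
//    value with escapeshellarg() so it is exactly one shell word.
function escapedCommand(string $name): string
{
    $name = validateName($name);
    $in  = escapeshellarg("uploads/$name");
    $out = escapeshellarg("thumbs/$name");
    return "convert $in -resize 200x200 $out";
}

// 4. HARDENED, no shell at all: proc_open() with an array argv (PHP >= 7.4)
//    runs the program directly, so shell metacharacters carry no meaning,
//    and the fork of /bin/sh mentioned under "Performance" is avoided too.
//    Returns 0 on success, throws otherwise.
function resizeNoShell(string $name): int
{
    $name = validateName($name);
    $argv = ['convert', "uploads/$name", '-resize', '200x200', "thumbs/$name"];
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start convert');
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("convert exited $status: $stderr");
    }
    return $status;
}

// Demonstration with a constructed hostile input. Nothing below executes
// the unsafe command; it is only shown as the string it would build.
$hostile = 'x.png; id > /tmp/pwned';
echo "unsafe:  ", unsafeCommand($hostile), "\n";
try {
    echo "escaped: ", escapedCommand($hostile), "\n";
} catch (InvalidArgumentException $e) {
    echo "validation: ", $e->getMessage(), "\n";
}
echo "escaped (valid name): ", escapedCommand('cat.png'), "\n";
// resizeNoShell('cat.png') would run convert for real; it needs ImageMagick
// installed and uploads/cat.png present.
```

Of the three, prefer the array form of `proc_open()`: it removes the shell parser from the picture, so quoting mistakes cannot turn into command execution, and the allowlist still matters because `convert` itself interprets its arguments (a leading `-` is an option, and a traversal path is still a path).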

If the application and server are secure, no.

Teson