Results 1 to 5 of 5
  1. #1
    Join Date
    Aug 2009
    Location
    Where you live
    Posts
    39

    Exclamation Is shell_exec dangerous?

    My existing web host has disabled shell_exec and one of my php scripts requires it to work, so is shell_exec dangerous? Would you have it enabled on your servers or is it typical for it to be disabled?


  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    It will allow the user to run shell commands using php script. If there is any vulnerable php script where a user from outside the server can gain access, he can run the shell commands and see server details. We can enable it for certain purpose and after that it would be safe to turn it off.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Mar 2008
    Posts
    1,717
    To be honest, if your script requires shell_exec(), and doesn't have a really good reason for it... then you should probably just find another script because there's better ways to accomplish almost anything that can be done with shell_exec(). Chances are pretty good that the script is poorly written and would result in your site getting hacked anyway.
    I used to run the oldest commercial Mumble host.

  4. #4
    Quote Originally Posted by SubS[T] View Post
    My existing web host has disabled shell_exec and one of my php scripts requires it to work, so is shell_exec dangerous? Would you have it enabled on your servers or is it typical for it to be disabled?

    I would recommend to have shell_exec function disabled server wide as it is use to execute shell commands using a PHP script. You should better look for an alternative function to have your script work for the sake of your website as well as the server your website is hosted on.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  5. #5
    We would also recommend having shellexec() disabled and go for some alternative solution to meet your requirement.

Similar Threads

  1. shell_exec
    By JacobHaug in forum Hosting Security and Technology
    Replies: 4
    Last Post: 03-17-2008, 09:45 PM
  2. shell_exec() not working
    By helpwanted123 in forum Programming Discussion
    Replies: 2
    Last Post: 01-01-2007, 09:52 PM
  3. enable shell_exec
    By r00t pAsSw0rd in forum Hosting Security and Technology
    Replies: 1
    Last Post: 11-05-2006, 12:18 PM
  4. php shell_exec
    By renegadeavenger in forum Programming Discussion
    Replies: 3
    Last Post: 06-10-2006, 03:44 AM
  5. Log for php shell_exec
    By rumahweb in forum Hosting Security and Technology
    Replies: 1
    Last Post: 04-30-2006, 09:36 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •