[Resolved] [Resolved] exec_command...

AdamBrill

Is there a way to turn off exec_command without putting PHP into safe mode? I want to leave everything turned on except the exec_command... Is that possible? I have found a way(not that it was hard) to gain complete root access to any server through the exec_command, so I figured it would be in my best interest to disable it. 😉 I looked through php.ini but I couldn't seem to find anything pertaining to it... Thx for your help.

AdamBrill

Ok, I figured it out. 🙂 I posted 2 minutes too soon, LOL Anyway, this is how:

You can disable functions in this line(in php.ini):

disable_functions =

I changed this line to this:

disable_functions = shell_exec

And POOF! No more security hole. 😃