Restricting the execution of commands in PHP under Windows

crimsontwo

Hi,

I have the following in php.ini:

safe_mode = 1
safe_mode_exec_dir = "D://TEST"

This way I can execute files located in TEST.

However, running the following code bypasses that directory and runs stuff from other locations:

$runCommand = "C:\WINDOWS\system32\shutdown.exe -t:30";
$WshShell = new COM("WScript.Shell");
$output = $WshShell->Exec($runCommand)->StdOut->ReadAll;

How do I prevent people from executing ANYTHING unless it is located in safe_mode_exec_dir?

Thanks in advance.

NogDog

All I can think of to do from the PHP end of things is:

$runCommand = ini_get('safe_mode_exec_dir') . "\\" . basename($runCommand);

crimsontwo

NogDog wrote:
All I can think of to do from the PHP end of things is:
$runCommand = ini_get('safe_mode_exec_dir') . "\\" . basename($runCommand);

Thanks, but I don't think this will help. Basically, I want to allow users to run any executable located in the folder specified by safe_mode_exec

However, that little code that I gave example of bypasses that directory. I need to do something on a global level to prevent them from running files.

NogDog

Did you try it? I tested it locally and it seemed to work fine.

<pre>
<?php
$runCommand = "C:\\WINDOWS\\system32\\shutdown.exe -t:30";
$runCommand = ini_get('safe_mode_exec_dir') . "\\" . basename($runCommand);
echo ini_get('safe_mode_exec_dir') . "\n";
echo $runCommand;
?>
</pre>

Output:

C:\TEST
C:\TEST\shutdown.exe -t:30

crimsontwo

NogDog, your code works (doing whatever it does) but it does not prevent my users creating an object (WScript.Shell) and executing all commands. I might not have expressed myself correctly... I do not want anyone running scripts on my Windows server be able to execute any system files/etc. unless they those files are located in a specified by myself directory. basically, I want to tell PHP: "do not let anyone run anything if it is not in c:\test\"

NogDog

Right. And if you filter their inputs through that one line of code I suggested, it replaces whatever directory they may try to specify via the $runCommand variable with your safe_mode_exec_dir value instead, thus making all such commands only run if the executable is in that directory. So in my example, unless you have an executable named shutdown.exe in the C:\TEST directory, then nothing will execute and the most you will get is an error message.

crimsontwo

NogDog wrote:
Right. And if you filter their inputs through that one line of code I suggested, it replaces whatever directory they may try to specify via the $runCommand variable with your safe_mode_exec_dir value instead, thus making all such commands only run if the executable is in that directory. So in my example, unless you have an executable named shutdown.exe in the C:\TEST directory, then nothing will execute and the most you will get is an error message.

But where do I include this code? Let's say I am a hosting provider.

NogDog

I was assuming you were writing a specific PHP script, and needed to prevent users of that script from running COM-initiated commands outside of that directory. If you are looking for some sort of global restriction on the server to regulate scripts made by site owners on that server, that's a whole other issues. At that point I think you are outside of the realm of PHP configurations and will have to look to access control via Windows and/or COM. As that is not an area I'm particularly knowledgeable about, I'd have to leave that solution to others.

crimsontwo

I gathered you were assuming that I was simply running a script and getting input from users via web site. Thanks for trying to help though!!!