Is PHP exec safe?

Tags:

security

php

exec

I am trying to get exec working on a Windows server and receiving the error message "unable to fork". After googling the issue a bit, it seems the recommended fix is to give the IUSR account READ and EXECUTE permissions to c:\Windows\System32\cmd.exe.

But that has got to be a major security hole, right? Is it safe? Is there another way to execute [from php] an exe residing on the server?

Bart asked Aug 18 '09 17:08


1 Answer

It needs to execute cmd.exe because when PHP on Windows sees this:

exec("foo -bar -baz");

It calls this:

cmd /c foo -bar -baz

It's only a security hole if you let your user enter parameters. I.E., you shouldn't do this:

// DO NOT DO THIS!
exec("foo -bar=" . $_GET['bar']);

Instead, you should sanitize your parameters with escapeshellarg.

// This is okay.  (Be sure foo.exe can handle unexpected input!)
exec("foo -bar=" . escapeshellarg($_GET['bar']));
MiffTheFox answered Sep 20 '22 16:09
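The pattern the answer recommends, worked out as a small wrapper. This is an added example written for this page, not code from the answer above or from PHP itself: the allowlisted tool name `foo`, its path `C:\tools\foo.exe`, and the argument pattern are assumptions constructed for the illustration. The point it adds is that `escapeshellarg()` should be the second layer: the program that runs is fixed in code, option names are literals, and request data is validated before it is quoted and appended as a value.

```php
<?php
// Added example, not code from the original answer. It builds an exec()
// command line so that request data can only ever be an argument value,
// never part of the command itself. Tool name, path and the argument rule
// are constructed for the example.

// Executables this script may run, keyed by a short name. The request never
// chooses the program; only argument values may come from the request.
const ALLOWED_TOOLS = [
    'foo' => 'C:\\tools\\foo.exe', // placeholder path (constructed)
];

// What a -bar value is allowed to look like: a short token of safe characters.
// Rejecting everything else keeps the input within what foo.exe is expected
// to handle and avoids relying on escapeshellarg() alone.
const ARG_PATTERN = '/\A[A-Za-z0-9._-]{1,64}\z/';

/**
 * Build the command string for exec(). $options maps option names (literals
 * from code, never from the request) to values (possibly from the request).
 */
function build_command(string $tool, array $options): string
{
    if (!isset(ALLOWED_TOOLS[$tool])) {
        throw new InvalidArgumentException("tool not permitted: $tool");
    }
    $parts = [escapeshellarg(ALLOWED_TOOLS[$tool])];
    foreach ($options as $name => $value) {
        if (!preg_match('/\A[A-Za-z][A-Za-z0-9-]*\z/', (string) $name)) {
            throw new InvalidArgumentException("bad option name: $name");
        }
        if (!preg_match(ARG_PATTERN, (string) $value)) {
            throw new InvalidArgumentException("rejected value for -$name");
        }
        // Same shape as the answer's "foo -bar=" . escapeshellarg(...):
        // the option name is a literal, only the value is quoted request data.
        $parts[] = '-' . $name . '=' . escapeshellarg((string) $value);
    }
    return implode(' ', $parts);
}

/** Run the tool and return the command used, its exit code and output lines. */
function run_tool(string $tool, array $options): array
{
    $cmd = build_command($tool, $options);
    $output = [];
    $exitCode = 0;
    exec($cmd . ' 2>&1', $output, $exitCode);
    return ['command' => $cmd, 'exit_code' => $exitCode, 'output' => $output];
}

// Demonstration with constructed input; only builds the string, does not run it.
echo build_command('foo', ['bar' => 'report-2009.txt']), PHP_EOL;

try {
    build_command('foo', ['bar' => 'two words']); // space is outside ARG_PATTERN
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Two caveats worth knowing when this runs under `cmd /c`. On Windows, `escapeshellarg()` does not preserve the input the way it does on Linux: it wraps the value in double quotes and replaces `%`, `!` and `"` with spaces, so a value containing those characters is silently altered; a strict validation pattern like the one above makes that a rejection instead of a surprise. And the question's "another way" does exist on newer PHP: from PHP 7.4, `proc_open()` accepts the command as an array of arguments and starts the process without going through a shell, so the program and each argument are passed directly and `cmd.exe` is not needed at all.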