PHP extension used to prevent sudo command in exec(), system(), passthru(), shell_exec(), proc_open(), popen() commands.
- PHP-5.2 +
$/path/to/phpize
$./configure --enable-safeexec
$make && make install
- ; Disallow sudo commands
- safeexec.dissallow_sudo_command=1
- ; Disallow all commands except php.
- safeexec.dissallow_all_expect_php=0
<?php
// This command will cause error.
echo exec('sudo cat /etc/passwd');
// This command will execute normally.
echo exec('whoami');
// if safeexec.dissallow_all_expect_php is on
// This command will cause error.
echo exec('whoami');
// This command will execute normally.
echo exec('php -r "echo \'Hello\';"');