Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- function dump_all($vars, $msg) {
- echo '<div style="border : 1px solid black ; padding : 1px 0.5em ; margin : 0.5em;">';
- if (!empty($msg)) {
- echo "<h4 style='margin : 0.5em 0em'>$msg</h4>";
- }
- echo "<pre>";
- print_r($vars);
- echo "</pre>";
- echo '</div>';
- }
- function test_exec($commandtotest) {
- $output = exec($commandtotest, $output, $rc);
- dump_all(get_defined_vars(), "exec");
- // => exec calls a shell
- }
- function test_shell_exec($commandtotest) {
- $output = shell_exec($commandtotest);
- dump_all(get_defined_vars(), "shell_exec");
- // => shell_exec calls a shell
- }
- function test_backtick($commandtotest) {
- $output = `$commandtotest`;
- dump_all(get_defined_vars(), "backtick");
- // => `` calls a shell
- }
- function test_passthru($commandtotest) {
- $output = passthru($commandtotest, $rc);
- dump_all(get_defined_vars(), "passthru");
- // => `` calls a shell
- }
- function test_system($commandtotest) {
- $output = system($commandtotest, $rc);
- dump_all(get_defined_vars(), "system");
- // => `` calls a shell
- }
- function test_popen($commandtotest) {
- $handle = popen($commandtotest, "r");
- $read = fread($handle, 2096);
- dump_all(get_defined_vars(), "popen");
- pclose($handle);
- // => `` calls a shell
- }
- // From http://www.php.net/manual/en/function.proc-open.php
- function test_proc_open($commandtotest) {
- $descriptorspec = array(
- 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
- 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
- 2 => array("file", "/tmp/error-output.txt", "a") // stderr is a file to write to
- );
- $cwd = '/tmp';
- $env = array('some_option' => 'aeiou');
- $process = proc_open($commandtotest, $descriptorspec, $pipes, $cwd, $env);
- if (is_resource($process)) {
- // $pipes now looks like this:
- // 0 => writeable handle connected to child stdin
- // 1 => readable handle connected to child stdout
- // Any error output will be appended to /tmp/error-output.txt
- fwrite($pipes[0], '<?php print_r($_ENV); ?>');
- fclose($pipes[0]);
- echo stream_get_contents($pipes[1]);
- fclose($pipes[1]);
- // It is important that you close any pipes before calling
- // proc_close in order to avoid a deadlock
- $return_value = proc_close($process);
- echo "command returned $return_value\n";
- }
- dump_all(get_defined_vars(), "proc_open");
- }
- function launchchild($programexe,$programvars)
- {
- dump_all(get_defined_vars());
- if (! function_exists('pcntl_fork')) { print('PCNTL functions not available on this PHP installation') ; return; }
- switch ($pid = pcntl_fork()) {
- case -1:
- // @fail
- print "fail";
- throw new Exception("Could not fork.");
- break;
- case 0:
- // @child: Include() misbehaving code here
- print "FORK: Child #{$x} \\n";
- dump_all();
- echo "child after fork:", getmypid(), PHP_EOL;
- pcntl_exec($programexe,$programvars);
- // generate_fatal_error(); // Undefined function
- break;
- default:
- // @parent
- print "FORK: $x Parent\\n";
- echo "parent after fork:", getmypid(), PHP_EOL;
- // pcntl_waitpid($pid, $status);
- break;
- }
- print "Done! :^)\\n\\n";
- }
- ////////////////////////////////////////////////////////////////////////
- $commandtotest='umask';
- /*
- | `-apache2,24369 -k start
- | `-sh,4142 -c /bin/sleep 10
- | `-sleep,4143 10
- */
- test_exec($commandtotest);
- test_shell_exec($commandtotest);
- test_backtick($commandtotest);
- test_passthru($commandtotest);
- test_system($commandtotest);
- test_popen($commandtotest);
- test_proc_open($commandtotest);
- // Variant : use $commandtotest='/bin/sleep 10';
- /*
- During the 10 seconds the request runs, do:
- pstree -hpla | grep -i sleep -C 3
- and see if a "sh" sits between apache and sleep.
- | |-apache2,19873 -k start
- | | `-sh,4118 -c /bin/sleep 10
- | | `-sleep,4119 10
- test_proc_open($commandtotest);
- */
- launchchild("umask");
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
