A tool to execute PHP scripts

Re: A tool to execute PHP scripts

On 2004-01-07, Pedro Graca <hexkid@hotpop. com> wrote:[color=blue]
> Tim Van Wassenhove wrote:[color=green][color=darkred]
>>> $user_input = 'implode("", file("/etc/passwd"))';[/color][/color]
>[color=green][color=darkred]
>>> and a lot more of evil things :)[/color][/color]
>[color=green]
>> Thats why they invented shadow passwords :P
>> (Assuming your webserver isn't running under uid 0)[/color]
>
> What about
>
> `rm -rf *`
>
> Does the webserver has write-access to the directory the scripts are in?
> Do you have a backup of them?[/color]


I have umask 0700, and only give rights where it is absolutely necessary
;)

Oh yeah, and with duplicity and a little script i wrote, i do have a
nice backup system :)

Having safe_mode enabled has its advantages too ;)

--

Re: A tool to execute PHP scripts

Tim Van Wassenhove wrote:[color=blue]
> On 2004-01-07, Pedro Graca <hexkid@hotpop. com> wrote:[color=green]
>> Does the webserver has write-access to the directory the scripts are in?
>> Do you have a backup of them?[/color][/color]
[color=blue]
> I have umask 0700, and only give rights where it is absolutely necessary
> ;)[/color]

good !
[color=blue]
> Oh yeah, and with duplicity and a little script i wrote, i do have a
> nice backup system :)[/color]

Very Good! Have to make my own backup system some day :)
[color=blue]
> Having safe_mode enabled has its advantages too ;)[/color]

Agreed ... but here I'm not sure the advantages outweigh the
disadvantages. I prefer to be able to do _everything_ except what I
specifically disallow.

When I make a script I always have this saying present in my mind:
"Never trust the input from a user."
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: A tool to execute PHP scripts

I have done it in the inittab, but in this case, I do not want it to start
when the server starts.
hmm, ill work on it.

--
Mike Bradley
http://www.gzentools.com -- free online php tools
"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:btgtmi$6vs 8t$1@ID-203069.news.uni-berlin.de...[color=blue]
> CountScubula wrote:[color=green]
> > hey, you know linux,[/color]
>
> No, I don't, I know (language exaggeration) only the few things I dealt
> with to have my computer running and make me feel safe.
>[color=green]
> > what was the command to start a proccess, and if it dies, have it
> > automaticaly restart?
> > as in 'respawn' in inittab?[/color]
>
> I have a similar thing with a program that checks wether its running at
> startup: I made a crontab entry to start that program every hour; if it
> verifies it is already running, it won't start a second instance.
> --
> --= my mail box only accepts =--
> --= Content-Type: text/plain =--
> --= Size below 10001 bytes =--[/color]

Re: A tool to execute PHP scripts

"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:bth569$7bd 56$1@ID-203069.news.uni-berlin.de...[color=blue]
> When I make a script I always have this saying present in my mind:
> "Never trust the input from a user."
> --
> --= my mail box only accepts =--
> --= Content-Type: text/plain =--
> --= Size below 10001 bytes =--[/color]


I agree 110%, but sometimes, we lose sight becouse we are excited about what
we wrote, and we sometimes miss certain things, oh, i dunno like the ``
BACKTICKS :)



--
Mike Bradley
http://www.gzentools.com -- free online php tools

Re: [OT] Re: A tool to execute PHP scripts

I noticed that Message-ID:
<abc4d8b8.04010 62209.55867252@ posting.google. com> from R. Rajesh Jeba
Anbiah contained the following:
[color=blue]
>--
>Mike Bradley
>http://www.gzentools.com -- free online php tools
>
> Recently someone in c.l.c pointed out my faulty sig-marker. The
>sig-marker should be "-- " (i.e., dash-dash-space-newline). Now, I'd
>like to let you know that.[/color]

The stripping of trailing space is a well known Outhouse Express
'feature'.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: [OT] Re: A tool to execute PHP scripts

Geoff Berrow wrote:
[color=blue]
> The stripping of trailing space is a well known Outhouse Express
> 'feature'.[/color]

That particular nuisance is fixable by installing and using Dominik
Jain's OE-QuoteFix.

--
Jock

Re: A tool to execute PHP scripts

CountScubula wrote:[color=blue]
> hey, you know linux,
>
> what was the command to start a proccess, and if it dies, have it
> automaticaly restart?
> as in 'respawn' in inittab?[/color]

ISTR it's daemon (sorry for butting in)

Cheers,


Andy

Re: A tool to execute PHP scripts

"Andy Jeffries" <news@andyjeffr ies.remove.co.t his.uk> wrote in message
news:btu5e8$53t $1@sparta.btint ernet.com...[color=blue]
> CountScubula wrote:[color=green]
> > hey, you know linux,
> >
> > what was the command to start a proccess, and if it dies, have it
> > automaticaly restart?
> > as in 'respawn' in inittab?[/color]
>
> ISTR it's daemon (sorry for butting in)
>
> Cheers,
>
>
> Andy[/color]

by all means please do,

here is my problem, I have a small daemon I wrote in C, I havent figured
out why it dies yet, I havnt been around when it crashes.

So in the interum I would like it to be relaunched if it crashes. It is not
a true daemon yet, untill I solve this crash problem.

one of the stupid workaround I did was this:

on the command line, I type
php keepup.php &

here is the keepup.php script
<?php
set_time_limit( 0);
while (true){
`/usr/bin/testdaemon`;
}
?>

This way if it crashes, it get relaunched,


--
Mike Bradley
http://www.gzentools.com -- free online php tools