php system命令在网页和命令行上执行结果不一致 -PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

php system命令在网页和命令行上执行结果不一致

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 01:20 PM

linuxnbsprpm

php system命令在网页和命令行下执行结果不一致
大家好，现在我有一个文件a.php.内容是：

PHP code

<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

-->

$str = " /opt/rpm/bin/rpm -bb --target i686--linux /tmp/test.spec";
system($str);

?>

当我用http://192.168.1.1/a.php 执行的时候结果显示：

HTML code

<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

-->Building target platforms: i686--linux Building for target i686--linux Processing files: VTCUAL06.06C.P010-R1.0-P1

当我在命令行下用/usr/local/php a.php 执行的时候，结果显示：

HTML code

<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

-->
Building target platforms: i686--linux
Building for target i686--linux
Processing files: VTCUAL06.06C.P010-R1.0-P1
Finding  Provides: (using /opt/rpm/lib/rpm/find-provides)...
Finding  Requires: (using /opt/rpm/lib/rpm/find-requires)...
Wrote: /export/home/webadm/.rpm/RPMS/i686/VTCUA

也就是说在http访问模式下有三行没有显示出来：

HTML code

<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

-->
Finding  Provides: (using /opt/rpm/lib/rpm/find-provides)...
Finding  Requires: (using /opt/rpm/lib/rpm/find-requires)...
Wrote: /export/home/webadm/.rpm/RPMS/i686/VTCUA

有人知道是什么原因吗？谢谢了！！

------解决方案--------------------
这个问题好奇怪~~~~

有牛人知道吗？
------解决方案--------------------
一点不奇怪，执行用户不同而已。命令行执行的是root,网页执行的是apache用户。
google了一下，说apache带--enable-suexec编译就可以，但是没试过。
------解决方案--------------------

探讨

一点不奇怪，执行用户不同而已。命令行执行的是root,网页执行的是apache用户。
google了一下，说apache带--enable-suexec编译就可以，但是没试过。

------解决方案--------------------

探讨

以前一直都可以执行的。只是突然不能执行了。所以应该和用户没关系的把。

------解决方案--------------------
这是不可能的。
------解决方案--------------------
看看以 php 命令行方式执行你的程序的结果
------解决方案--------------------
噢，没注意
这显然是用于权限的问题了
web 方式下的 php 只是匿名用户，只有最低的权限

话说回来，如果什么都可以通过浏览器去操控，那么系统哪有安全性可言

想当初微软为了提供便利的数据查询，给 mssql2000 附加了 url 查询功能
结果不就被人利用，而成了臭名昭著的 SQL攻击

------解决方案--------------------
都说了是权限问题，你加了sudo了没，结果怎样？
------解决方案--------------------
应该有的，如果没有你wget下载安装一个。
------解决方案--------------------
后面没有输出我怀疑可能出错了，你试试看一下代码，然后告诉我结果。

function my_exec($cmd, $input='')
{$proc=proc_open($cmd, array(0=>array('pipe', 'r'), 1=>array('pipe', 'w'), 2=>array('pipe', 'w')), $pipes);
fwrite($pipes[0], $input);fclose($pipes[0]);
$stdout=stream_get_contents($pipes[1]);fclose($pipes[1]);
$stderr=stream_get_contents($pipes[2]);fclose($pipes[2]);
$rtn=proc_close($proc);
return array('stdout'=>$stdout,
'stderr'=>$stderr,
'return'=>$rtn
);
}
$str = " /opt/rpm/bin/rpm -bb --target i686--linux /tmp/test.spec";
var_export(my_exec($str));
------解决方案--------------------

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AM

APHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.

Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AM

Select DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.

PHP performance optimization strategies.May 13, 2025 am 12:06 AM

PHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi

PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AM

PHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl

How to make PHP applications fasterMay 12, 2025 am 12:12 AM

TomakePHPapplicationsfaster,followthesesteps:1)UseOpcodeCachinglikeOPcachetostoreprecompiledscriptbytecode.2)MinimizeDatabaseQueriesbyusingquerycachingandefficientindexing.3)LeveragePHP7 Featuresforbettercodeefficiency.4)ImplementCachingStrategiessuc

PHP Performance Optimization Checklist: Improve Speed NowMay 12, 2025 am 12:07 AM

ToimprovePHPapplicationspeed,followthesesteps:1)EnableopcodecachingwithAPCutoreducescriptexecutiontime.2)ImplementdatabasequerycachingusingPDOtominimizedatabasehits.3)UseHTTP/2tomultiplexrequestsandreduceconnectionoverhead.4)Limitsessionusagebyclosin

PHP Dependency Injection: Improve Code TestabilityMay 12, 2025 am 12:03 AM

Dependency injection (DI) significantly improves the testability of PHP code by explicitly transitive dependencies. 1) DI decoupling classes and specific implementations make testing and maintenance more flexible. 2) Among the three types, the constructor injects explicit expression dependencies to keep the state consistent. 3) Use DI containers to manage complex dependencies to improve code quality and development efficiency.

PHP Performance Optimization: Database Query OptimizationMay 12, 2025 am 12:02 AM

DatabasequeryoptimizationinPHPinvolvesseveralstrategiestoenhanceperformance.1)Selectonlynecessarycolumnstoreducedatatransfer.2)Useindexingtospeedupdataretrieval.3)Implementquerycachingtostoreresultsoffrequentqueries.4)Utilizepreparedstatementsforeffi

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SublimeText3 English version

Recommended: Win version, supports code prompts!

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.