Hi,
I think I've solved the problem
group owner of the dest_dir must be apache !!!
----- Original Message -----
From: "Alex Ciurea" <[EMAIL PROTECTED]>
To: "php mailing" <[EMAIL PROTECTED]>
Sent: Monday, January 13, 2003 1:53 PM
Subject: [PHP] Need some help in "exec"-attack
> Hi all,
>
> this is my situation:
> I want to execute some comands using 'shell_exec':
>
> $command=shell_exec("ls -la /usr/dest_dir;cp -R /usr/source_dir/1.php
> /usr/dest_dir;cd /usr/dest_dir;ls -la");
> echo "<pre>$command</pre>";
>
> Actually, these commands:
> 1) ls -la /usr/dest_dir
> 2) cp -R /usr/source_dir/1.php /usr/dest_dir
> 3) cd /usr/dest_dir
> 4) ls -la
>
> This is what I get:
>
> total 8
> drwxr-xr-x 2 mysql mysql 4096 Jan 13 13:29 .
> drwxr-xr-x 18 mysql mysql 4096 Jan 13 12:25 ..
> total 8
> drwxr-xr-x 2 mysql mysql 4096 Jan 13 13:29 .
> drwxr-xr-x 18 mysql mysql 4096 Jan 13 12:25 ..
>
> the first 3 lines, before the 'cp' command
> the last 3 lines, after the 'cp' command.
>
> As you can see, no changes.
>
> I've looked in the logs of the apache webserver and i've found this line:
>
> cp: cannot create regular file `/usr/dest_dir/1.php': Permission denied
>
> Note: source_dir and dest_dir are both owned by mysql
>
> Another thing :
>
> cp: cannot create regular file `/usr/dest_dir/1.php': Permission denied
>
> The path begin with a back tick . Is that normal?
>
>
>
>
>
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
