
disable_function accept cat command? security

Discussion in 'Security' started by konrath, Sep 24, 2009.

  1. konrath

    konrath Well-Known Member

    Hello

    I want to add security to the server.

    If I put the cat command in disable_functions (in php.ini), will it help me add security to the server, or can it break some features of cPanel?

    Thank you
    Konrath
     
  2. Spiral

    Spiral BANNED

    The "disable_functions" line in PHP.INI is for PHP Language Functions!

    There is no "cat" function in PHP! The command you speak of is a Linux system function and there is no way to disable "cat" as you put it from a practical perspective, as there are at least 100 different ways to display files without directly using the "cat" command in Linux.

    Now regarding disable_functions in PHP.INI and what you would consider as the function of "cat" from Linux, you might want to disable the equivalent PHP function counterparts such as readfile or highlight_file, which are both capable of displaying files in a single command from PHP.

    The following is a list of more commonly misused PHP functions:

    Code:
    disable_functions = apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, readfile, shell_exec, syslog, system, xmlrpc_entity_decode, dba_replace, ftok, posix_access, symlink, disk_free_space, show_source, diskfreespace, ini_set, mail, phpinfo
    
     
  3. konrath

    konrath Well-Known Member

    Thank you Spiral

    Konrath
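
As an added example (not code from the thread or from cPanel), this Python sketch audits a php.ini `disable_functions` value for the mistake discussed above: listing a shell command name such as `cat`, which is not a PHP function. It goes beyond the thread in three checks that are assumptions of this example: duplicate entries, PHP language constructs such as `eval` that the directive does not affect, and a commonly used baseline of process-spawning functions. The set of shell command names and the sample ini text are constructed.

```python
import re

# PHP language constructs: disable_functions only applies to internal
# functions, so listing these has no effect.
LANGUAGE_CONSTRUCTS = {"eval", "include", "include_once", "require", "require_once"}
# Constructed sample of Unix command names that are not PHP functions.
SHELL_COMMANDS = {"cat", "ls", "rm", "wget", "grep", "tail", "head"}
# PHP functions that start an external program; while any of them is enabled,
# /bin/cat and every other binary stay reachable from PHP code.
EXEC_FUNCTIONS = ["exec", "passthru", "shell_exec", "system", "popen",
                  "proc_open", "pcntl_exec"]

def parse_disable_functions(ini_text):
    """Return the names from the last active disable_functions line."""
    names = []
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ; comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            names = [n.strip() for n in value.split(",") if n.strip()]
    return names

def audit(ini_text):
    """Report entries that do nothing and exec paths that remain open."""
    seen, dupes = set(), []
    for name in parse_disable_functions(ini_text):
        if name in seen and name not in dupes:
            dupes.append(name)
        seen.add(name)
    return {
        "duplicates": dupes,
        "no_effect_constructs": sorted(seen & LANGUAGE_CONSTRUCTS),
        "shell_commands": sorted(seen & SHELL_COMMANDS),
        "exec_not_disabled": [f for f in EXEC_FUNCTIONS if f not in seen],
    }

# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
; hardening attempt
disable_functions = cat, eval, exec, passthru, shell_exec, system, readfile, highlight_file, show_source, exec
"""

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_INI).items():
        print(f"{finding}: {', '.join(items) or '-'}")
```
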
     