

disable_function accept cat command? security

Discussion in 'Security' started by konrath, Sep 24, 2009.

  1. konrath

    konrath Well-Known Member

    Hello

    I want to add security to the server.

    If I put the cat command in disable_functions (in php.ini), will it help me add security to the server, or can it break some features of cPanel?

    Thank you
    Konrath
     
  2. Spiral

    Spiral BANNED

    The "disable_functions" line in PHP.INI is for PHP Language Functions!

    There is no "cat" function in PHP! The command you speak of is a Linux system function and there is no way to disable "cat" as you put it from a practical perspective, as there are at least 100 different ways to display files without directly using the "cat" command in Linux.

    Now regarding disable_functions in PHP.INI and what you would consider as the function of "cat" from Linux, you might want to disable the equivalent PHP function counterparts such as readfile or highlight_file, which are both capable of displaying files in a single command from PHP.

    The following is a list of more commonly misused PHP functions:

    Code:
    disable_functions = apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, readfile, shell_exec, syslog, system, xmlrpc_entity_decode, dba_replace, ftok, posix_access, symlink, disk_free_space, show_source, diskfreespace, ini_set, mail, phpinfo
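
    Added example (not part of the original posts, and not cPanel or PHP project code): a small Python audit of a disable_functions line that flags shell command names such as "cat", language constructs such as eval that the directive cannot block, duplicate entries, and command-execution functions that are still enabled. The reference sets and the sample php.ini text are assumptions constructed for this example and are not exhaustive.

```python
import re

# Assumption: short, non-exhaustive reference sets chosen for this example.
# Shell commands are not PHP functions, so listing them has no effect.
SHELL_COMMANDS = {"cat", "ls", "head", "tail", "more", "less", "grep"}
# Language constructs are not functions either; disable_functions cannot block them.
LANGUAGE_CONSTRUCTS = {"eval", "echo", "print", "include", "require", "exit", "die"}
# PHP functions that start an external program (the way a script would run "cat").
COMMAND_EXEC = {"exec", "passthru", "shell_exec", "system", "popen",
                "proc_open", "pcntl_exec"}


def parse_disable_functions(ini_text):
    """Return the names from the last disable_functions line in php.ini text."""
    names = []
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini ';' comments
        match = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if match:
            value = match.group(1).strip().strip('"')
            names = [n.strip() for n in value.split(",") if n.strip()]
    return names


def audit(ini_text):
    """Report entries that do nothing and exec functions left enabled."""
    names = parse_disable_functions(ini_text)
    seen, duplicates = set(), []
    for name in names:
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
    return {
        "shell_commands": sorted(seen & SHELL_COMMANDS),
        "no_effect": sorted(seen & LANGUAGE_CONSTRUCTS),
        "duplicates": duplicates,
        "exec_not_disabled": sorted(COMMAND_EXEC - seen),
    }


# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
; constructed sample
disable_functions = cat, eval, exec, system, readfile, readfile, shell_exec
"""

if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_INI).items():
        print(f"{finding}: {', '.join(entries) or '-'}")
```
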
    
     
  3. konrath

    konrath Well-Known Member

    Thank you Spiral

    Konrath
     