Disabling PHP Functions with SUHOSIN on suPHP

zontrakulla

Active Member
Jan 16, 2008
Hello,

I've installed SUHOSIN and made the necessary changes. Now, I want to allow a user to be able to use some PHP commands, like shell_exec(). I've created /usr/local/apache/conf/userdata/std/2/usernamehere/userdomainhere/custom.conf

and put
Code:
php_admin_value suhosin.executor.func.blacklist ''
When I check /scripts/ensure_vhost_includes --user=usernamehere I get this error:

Code:
Invalid command 'php_admin_value', perhaps misspelled or defined by a module not included in the server configuration
Since I'm on suPHP, I can't use php_admin_value. Then how can I put the suhosin.executor.func.blacklist value in the conf file?

Thank you.
 

zontrakulla

Active Member
Jan 16, 2008
Alright, I managed to do that.

Added

Code:
[PATH=/home/username/public_html]
suhosin.executor.func.blacklist=""
to my php.ini file.

:cool:

edit:

Or a better idea: keep the other functions in the blacklist and enable only shell_exec()
Code:
suhosin.executor.func.blacklist="exec,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source"
 
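An added example, not part of the original posts: a small audit that reads a php.ini and reports, for each [PATH=...] or [HOST=...] section, which functions its suhosin.executor.func.blacklist override leaves callable compared with a baseline. The baseline (the list posted above plus shell_exec), the sample file contents, the "otheruser" account and the function name audit_overrides are assumptions made for illustration.

```python
import re

# Assumed server-wide baseline: the blacklist from the post plus shell_exec.
BASELINE = {"exec", "passthru", "system", "proc_open", "popen", "shell_exec",
            "curl_exec", "curl_multi_exec", "parse_ini_file", "show_source"}
KEY = "suhosin.executor.func.blacklist"
SECTION = re.compile(r"^\[\s*(PATH|HOST)\s*=\s*(.+?)\s*\]$", re.I)

# Constructed sample php.ini; "otheruser" is a hypothetical account.
SAMPLE = '''
[PHP]
suhosin.executor.func.blacklist="exec,passthru,system,proc_open,popen,shell_exec,curl_exec,curl_multi_exec,parse_ini_file,show_source"

[PATH=/home/username/public_html]
suhosin.executor.func.blacklist=""

[PATH=/home/otheruser/public_html]
suhosin.executor.func.blacklist="exec,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source"
'''


def audit_overrides(ini_text, baseline=BASELINE):
    """Map each scope to the baseline functions its blacklist leaves callable."""
    scope, findings = "global", {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        match = SECTION.match(line)
        if match:                         # per-directory / per-host section
            scope = f"{match.group(1).upper()}={match.group(2)}"
            continue
        if line.startswith("["):          # other headers: treated as global here
            scope = "global"
            continue
        name, sep, value = line.partition("=")
        if not sep or name.strip().lower() != KEY:
            continue
        value = value.split(";", 1)[0].strip().strip("\"'")
        listed = {f.strip().lower() for f in value.split(",") if f.strip()}
        findings[scope] = sorted(baseline - listed)
    return findings


if __name__ == "__main__":
    for scope, enabled in audit_overrides(SAMPLE).items():
        print(f"{scope}: re-enabled -> {', '.join(enabled) or 'none'}")
```

On the sample, the empty override re-enables every baseline function for that docroot, while the second form re-enables only shell_exec.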

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

I am happy to hear you were able to find a resolution for your issue. While not directly related to your specific issue, the following forum thread may also be useful if you are attempting to make suPHP more secure:

Methods to increase security when using suPHP

Thank you.
 

Dr Ahmed

Member
Mar 22, 2011
> Alright, I managed to do that.
>
> Added
>
> Code:
> [PATH=/home/username/public_html]
> suhosin.executor.func.blacklist=""
> to my php.ini file.
>
> :cool:
>
> edit:
>
> Or a better idea: keep the other functions in the blacklist and enable only shell_exec()
> Code:
> suhosin.executor.func.blacklist="exec,passthru,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source"

This solution is valid only when using PHP 5.3.x or above.

Also, php_admin_value is used only when your PHP handler is DSO, not suPHP.

Greetings,