PHP Disable Functions

Discussion in 'Security' started by Bashed, Jul 3, 2015.

  1. Bashed

    Bashed Well-Known Member

    Hey folks,

    What is everyone's recommended disable_functions setting in PHP (w/ suPHP enabled) on shared servers?

    I'm currently using this:

    Code:
    passthru,exec,shell_exec,system,apache_note,apache_setenv,closelog,debugger_off,debugger_on,define_syslog_variables,openlog,syslog,symlink,escapeshellarg,escapeshellcmd,dl,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_sock
    I've read that these are all 'dangerous' too. Is this too much?

    Code:
        apache_child_terminate
        apache_setenv
        define_syslog_variables
        escapeshellarg
        escapeshellcmd
        eval
        exec
        fp
        fput
        ftp_connect
        ftp_exec
        ftp_get
        ftp_login
        ftp_nb_fput
        ftp_put
        ftp_raw
        ftp_rawlist
        highlight_file
        ini_alter
        ini_get_all
        ini_restore
        inject_code
        mysql_pconnect
        openlog
        passthru
        php_uname
        phpAds_remoteInfo
        phpAds_XmlRpc
        phpAds_xmlrpcDecode
        phpAds_xmlrpcEncode
        popen
        posix_getpwuid
        posix_kill
        posix_mkfifo
        posix_setpgid
        posix_setsid
        posix_setuid
        posix_setuid
        posix_uname
        proc_close
        proc_get_status
        proc_nice
        proc_open
        proc_terminate
        shell_exec
        syslog
        system
        xmlrpc_entity_decode
    
     
  2. quizknows

    quizknows Well-Known Member

    Those all look about right. Worst case, if a customer has issues with a legitimate application, get them their own php.ini with a different disable_functions.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    You may want to monitor your error_log files within the accounts after disabling additional functions if you are concerned it will cause issues with the scripts installed for your accounts.

    Thank you.
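
An added example, not part of the thread and not cPanel tooling: one way to do the error_log monitoring suggested above is to tally which disabled functions scripts are still calling, and from which file. The sample log lines, account paths and the helper name `blocked_calls` are constructed for illustration; the matched wording is PHP's own warning text, plus the "undefined function" form PHP 8 emits for disabled functions.

```python
import re
from collections import Counter

# Constructed sample error_log lines (accounts, paths and times are made up).
SAMPLE_LOG = """\
[03-Jul-2015 10:01:12 UTC] PHP Warning:  exec() has been disabled for security reasons in /home/alice/public_html/wp-content/plugins/backup/run.php on line 42
[03-Jul-2015 10:01:13 UTC] PHP Warning:  exec() has been disabled for security reasons in /home/alice/public_html/wp-content/plugins/backup/run.php on line 42
[03-Jul-2015 10:05:40 UTC] PHP Warning:  proc_open() has been disabled for security reasons in /home/bob/public_html/tmp/x.php on line 3
[03-Jul-2015 10:06:02 UTC] PHP Notice:  Undefined index: page in /home/bob/public_html/index.php on line 9
[03-Jul-2015 10:07:30 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function shell_exec() in /home/carol/public_html/cron.php:7
[03-Jul-2015 10:08:00 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function my_helper() in /home/carol/public_html/lib.php:15
"""

# PHP 5/7 wording when a script calls a function listed in disable_functions.
DISABLED = re.compile(
    r"PHP Warning:\s+(\w+)\(\) has been disabled for security reasons"
    r" in (\S+) on line (\d+)")
# PHP 8 treats disabled functions as undefined, so the log wording changes.
UNDEFINED = re.compile(r"Call to undefined function (\w+)\(\) in (\S+?):(\d+)")

def blocked_calls(log_text, disable_functions):
    """Count blocked calls as {(function, script, line): occurrences}."""
    disabled = {f.strip().lower() for f in disable_functions.split(",") if f.strip()}
    hits = Counter()
    for entry in log_text.splitlines():
        m = DISABLED.search(entry)
        if not m:
            m = UNDEFINED.search(entry)
            # Only count "undefined" errors for functions we actually disabled;
            # anything else is an ordinary application bug.
            if m and m.group(1).lower() not in disabled:
                m = None
        if m:
            hits[(m.group(1).lower(), m.group(2), int(m.group(3)))] += 1
    return hits

if __name__ == "__main__":
    report = blocked_calls(SAMPLE_LOG, "exec,shell_exec,proc_open")
    for (func, path, line), count in report.most_common():
        print(f"{count:3d}  {func:<12} {path}:{line}")
```

A function that keeps appearing under a legitimate application's path is a candidate for the per-account php.ini mentioned earlier in the thread; a hit from an unexpected script is worth inspecting before relaxing anything.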
     