I'd be inclined to set up a special user account, with rights to do absolutely nothing except run these special scripts. Move the script up into, say, the ~/bin directory of this special user's home directory, give the script 'execute' rights to members of the (also very low privileged) group that this new special user belongs to, and then add Apache (or whichever user is actually running PHP scripts on your Linux version) to that group. Then, make sure that only this special user and Apache/PHP are members of this new special group. That sort of goes a fair way towards sandboxing who is allowed to do what, while giving enough control to the PHP parser to actually do its job.
Then, you call your scripts using their full path, as in:
I'd also go the belt-and-braces route, and wrap any text that gets passed to the shell execution functions in the likes of escapeshellcmd(), to prevent any nastiness from happening.
(It is relatively easy to secure a Unix system, but it is also relatively easy to make it insecure as well: install KDE 1.0 on any decent modern Linux, set up a cron job that will cause a Kernel panic every half hour and then go:
sudo chmod -R 777 /
...congratulations: you just reinvented Windows 98.)
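The account/group/permission arrangement the answer describes, as an added shell example that is not part of the original post. The account name phpjobs, the home directory /var/lib/phpjobs and the web-server user www-data are assumptions (the web-server user is apache or httpd on other distributions); setup_sandbox needs root, check_script_perms does not and can be used afterwards to audit that the installed script is executable by the group but writable only by its owner.

```shell
#!/bin/sh
# Added example, not code from the answer above: provision the dedicated
# account/group the answer describes and install a script under its ~/bin.
# Account names, home directory and the web-server user are assumptions.
set -eu

SCRIPT_USER="${SCRIPT_USER:-phpjobs}"    # hypothetical low-privilege account
SCRIPT_GROUP="${SCRIPT_GROUP:-phpjobs}"  # hypothetical group: only this user + the web server
WEB_USER="${WEB_USER:-www-data}"         # 'apache' or 'httpd' on other distributions
HOME_DIR="/var/lib/$SCRIPT_USER"

# setup_sandbox SRC : needs root. Creates the group and account (no login
# shell, so the account can do nothing but own the scripts), installs SRC
# into $HOME_DIR/bin with mode 0750, and adds the web-server user to the group.
# Prints the full path that PHP should call.
setup_sandbox() {
    src="$1"
    name=$(basename "$src")
    getent group "$SCRIPT_GROUP" >/dev/null || groupadd --system "$SCRIPT_GROUP"
    id "$SCRIPT_USER" >/dev/null 2>&1 ||
        useradd --system --gid "$SCRIPT_GROUP" --shell /usr/sbin/nologin \
                --create-home --home-dir "$HOME_DIR" "$SCRIPT_USER"
    # 0750: the owner may edit the script, group members (i.e. PHP) may only
    # read and execute it, everyone else gets nothing.
    install -d -o "$SCRIPT_USER" -g "$SCRIPT_GROUP" -m 750 "$HOME_DIR/bin"
    install    -o "$SCRIPT_USER" -g "$SCRIPT_GROUP" -m 750 "$src" "$HOME_DIR/bin/$name"
    usermod -a -G "$SCRIPT_GROUP" "$WEB_USER"
    echo "$HOME_DIR/bin/$name"
}

# check_script_perms PATH : returns 0 only if PATH has mode exactly 0750,
# i.e. it is not writable by the group (the web server) or by anyone else.
# GNU stat (-c) is tried first, BSD stat (-f) as a fallback; a missing file
# fails the check.
check_script_perms() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    [ "$mode" = "750" ]
}

# Typical use, as root:  setup_sandbox ./report.sh
# then audit at any time: check_script_perms /var/lib/phpjobs/bin/report.sh
```

On the PHP side the script is then invoked by the full path printed by setup_sandbox, with each user-supplied argument wrapped in escapeshellarg(); escapeshellcmd() escapes metacharacters in a whole command string but leaves the argument boundaries to the shell, so quoting each argument separately with escapeshellarg() is the tighter of the two.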