I have OpenBSD 5.6 and php-fpm, nginx.
Is chrooted by default on /var/www
I try:(test.php)
<?php
if(function_exists('exec')) {
echo "exec is enabled";
}else{
// it's not
echo "exec is disabled";
}
echo "<br>";
if( ini_get('safe_mode') ){
// safe mode is on
echo "safe_mode is enabled";
}else{
// it's not
echo "safe_mode is disabled";
}
echo "<br>";
echo exec('whoami');
?>
browser only prints:
exec is enabled
safe_mode is disabled
I tried to change:
echo exec('whoami');
to
echo exec('/usr/bin/whoami');
but exec does not work
I've tried in the terminal;
# sudo -u www php-5.5 test.php
exec is enabled<br>safe_mode is disabled<br>www
So I think the whole problem is in php-fpm.
Would I could help?
Best Answer
It's OpenBSD, and it's chrooted by default -- you said so yourself.
Commands such as
whoami
are not accessible by your PHP script. This is by design.