Hello....

When used extension along with wordpress (installing it), with PHP 7.4.15 (even php 7.3 and 7.2 last versions)...

Fatal error: Cannot redeclare wp_get_server_protocol() (previously declared in herwise. */:1685339145) in /home/xxxx/public_html/test-php74/wp-includes/load.php on line 15

Wordpress success first time... then the next requests to the same FPM thread will crash with the previous error.

Is this wonderful project active?

Regards and thanks!

This is my current setup:
rpm -qa|grep php71
php71-php-pecl-apcu-5.1.8-1.el7.remi.x86_64
php71-php-fpm-7.1.9-1.el7.remi.x86_64
php71-php-imap-7.1.9-1.el7.remi.x86_64
php71-php-pecl-redis-3.1.2-1.el7.remi.x86_64
php71-php-xml-7.1.9-1.el7.remi.x86_64
php71-php-cli-7.1.9-1.el7.remi.x86_64
php71-php-mysqlnd-7.1.9-1.el7.remi.x86_64
php71-php-process-7.1.9-1.el7.remi.x86_64
php71-runtime-1.0-1.el7.remi.x86_64
php71-php-pecl-igbinary-2.0.4-1.el7.remi.x86_64
php71-php-pecl-memcache-3.0.9-0.7.20161124gitdf7735e.el7.remi.x86_64
php71-php-common-7.1.9-1.el7.remi.x86_64
php71-php-soap-7.1.9-1.el7.remi.x86_64
php71-php-pecl-geoip-1.1.1-3.el7.remi.x86_64
php71-php-pecl-memcached-3.0.3-1.el7.remi.x86_64
php71-php-json-7.1.9-1.el7.remi.x86_64
php71-php-7.1.9-1.el7.remi.x86_64
php71-php-mcrypt-7.1.9-1.el7.remi.x86_64
php71-php-tidy-7.1.9-1.el7.remi.x86_64
php71-php-pecl-sphinx-1.4.0-0.2.20170203git201eb00.el7.remi.x86_64
php71-php-pdo-7.1.9-1.el7.remi.x86_64
php71-php-devel-7.1.9-1.el7.remi.x86_64
php71-php-xmlrpc-7.1.9-1.el7.remi.x86_64
php71-php-bcmath-7.1.9-1.el7.remi.x86_64
php71-php-pecl-apcu-bc-1.0.3-6.el7.remi.x86_64
php71-php-pecl-msgpack-2.0.2-1.el7.remi.x86_64
php71-php-opcache-7.1.9-1.el7.remi.x86_64
php71-php-pear-1.10.5-2.el7.remi.noarch
php71-php-pecl-zip-1.15.1-1.el7.remi.x86_64
php71-php-pecl-imagick-3.4.3-5.el7.remi.x86_64
php71-php-gd-7.1.9-1.el7.remi.x86_64
php71-php-snmp-7.1.9-1.el7.remi.x86_64
php71-php-mbstring-7.1.9-1.el7.remi.x86_64

This is my current setup for php-exec:
cd /root/php
rm /root/php/mod_execdir -rf
git clone https://github.com/OOPS-ORG-PHP/mod_execdir/
cd /root/php/mod_execdir
/opt/remi/php71/root/usr/bin/phpize
./configure --with-execdir= --with-php-config=/opt/remi/php71/root/usr/bin/php-config
make test PHP_EXECUTABLE=/usr/bin/php71
make install

Test fails:
PHP : /usr/bin/php71
PHP_SAPI : cli
PHP_VERSION : 7.1.9
ZEND_VERSION: 3.1.0
PHP_OS : Linux - Linux f100.test.com 3.10.0-693.1.1.el7.x86_64 #1 SMP Wed Aug 23 13:08:16 UTC 2017 x86_64
INI actual : /root/setupSync/php/mod_execdir/tmp-php.ini
More .INIs :
CWD : /root/setupSync/php/mod_execdir
Extra dirs :
VALGRIND : Not used
TIME START 2017-09-18 15:22:30
PASS Check for jailed_shellcmd function [tests/000-jailed_shellcmd.phpt]
PASS Check for exec_re function that has command not found [tests/001-exec-failed.phpt]
PASS Check for exec_re function that return success [tests/001-exec-normal.phpt]
PASS Check for system_re function that has command not found [tests/002-system-failed.phpt]
PASS Check for system_re function that return success [tests/002-system-normal.phpt]
PASS Check for passthru_re function that has command not found [tests/003-passthru-failed.phpt]
PASS Check for passthru_re function that return success [tests/003-passthru-normal.phpt]
PASS Check for shell_exec_re function that return success [tests/004-shell_exec-failed.phpt]
PASS Check for shell_exec_re function that return success [tests/004-shell_exec-normal.phpt]
PASS Check for popen_re function that return success [tests/005-popen-failed.phpt]
PASS Check for popen_re function that return success [tests/005-popen-normal.phpt]
PASS Check for proc_open_re function that has command not found [tests/006-proc_open-failed.phpt]
PASS Check for proc_open_re function that return success [tests/006-proc_open-normal.phpt]
PASS Check for pcntl_exec_re function that has command not found [tests/007-pcntl_exec-failed.phpt]
PASS Check for pcntl_exec_re function that return success [tests/007-pcntl_exec-normal.phpt]
PASS Check for shell redirection [tests/008-redirection.phpt]
PASS Check for NULL byte detected error [tests/009-twice_same_command.phpt]
TIME END 2017-09-18 15:22:31

TEST RESULT SUMMARY
Exts skipped : 0
Exts tested : 15

Number of tests : 17 17
Tests skipped : 0 ( 0.0%) --------
Tests warned : 0 ( 0.0%) ( 0.0%)
Tests failed : 0 ( 0.0%) ( 0.0%)
Expected fail : 0 ( 0.0%) ( 0.0%)
Tests passed : 17 (100.0%) (100.0%)
Time taken : 1 seconds

This report can be automatically sent to the PHP QA team at
http://qa.php.net/reports and http://news.php.net/php.qa.reports
This gives us a better understanding of PHP's behavior.
If you don't want to send the report immediately you can choose
option "s" to save it. You can then email it to [email protected] later.
Do you want to send this report now? [Yns]:

Real world tests:
exec seems to limit exec to the selected directly properly, however
I am seeing random segfault when using execdir extension with exec() and ffmpeg
Also, exec_orig works on PHP 5.6 but doesn't seem to work on php 7.1

Everything works okay when disabling execdir, and all php coredumps go away.

fixed build error and wrong operation on PHP 7.3 environments

Build failed on PHP 8

_Expected result: replace proc_open
_Actual result: return string "proc_open"

not yet test on php 5.3

Update the version of the Master Branch to 1.0.7

update version of master branch to 1.0.5

According to the PHP Proc_Open documentation:

As of PHP 7.4.0, cmd may be passed as array of command parameters. In this case the process will be opened directly (without going through a shell) and PHP will take care of any necessary argument escaping.

_code_:

<?php
echo jailed_shellcmd ('/bin/ls');
?>

_Expected result_:

/var/lib/php/bin/ls

_Actual result_:

Fatal error: Call to undefined function jailed_shellcmd() in /dev/shm/a.php on line 2

If run the same command twice, occurs the error "NULL byte detected."

<?php
system ('ls -al');
system ('ls -al');
?>

Expected:

[root@an3 php-7.0.23]$ php -d exec_dir=/asdf test.php
sh: /asdf/ls: No such file or directory
sh: /asdf/ls: No such file or directory
[root@an3 php-7.0.23]$

Actually:

[root@an3 php-7.0.23]$ php -d exec_dir=/asdf test.php
sh: /asdf/ls: No such file or directory
PHP Warning:  system(): NULL byte detected. Possible attack in /root/rpmbuild/BUILD/php-7.0.23RC1/z.php on line 3

Warning: system(): NULL byte detected. Possible attack in /root/rpmbuild/BUILD/php-7.0.23RC1/z.php on line 3
[root@an3 php-7.0.23]$

Update the version of the Master Branch to 1.0.6

mod_execdir extension support original system function with '_orig' postfix. For examples:

<?php
exec_orig('ls -al');
?>

However, this could be a vulnerability. So, this function is changed sub function for debugging or confirmation of operation of wrapping function.

To use this feature, you must specify the --enable-execdir-addon option at configure time.

[root@host mod_execdir]$ ./configure --with-execdir=/var/php/bin --enable-execdir-addon

Bug Environments

• Product Version : 1.0.5 (no problem 1.0.4 and before)
• PHP Version: PHP 5.0.0 ~ 5.0.3
• PHP SAPI: all

Describe the bug

FAIL Check for pcntl_exec_re function that has command not found [tests/007-pcntl_exec-failed.phpt]
FAIL Check for pcntl_exec_re function that return success [tests/007-pcntl_exec-normal.phpt]

To Reproduce

1. build as extension of PHP 5.3
2. phpize
3. make tests PHP_EXECUTABLE=/usr/bin/php

Expected behavior

check result to PASS

Additional context

Parse error: syntax error, unexpected '[' in /root/work/github/php/mod_execdir/tests/007-pcntl_exec-failed.php on line 12
Parse error: syntax error, unexpected '[' in /root/work/github/php/mod_execdir/tests/007-pcntl_exec-normal.php on line 12

Perhaps, it is a problem of test code, not the functional problem of extension.

In php 5.3 and before, safe_mode does not work in shell_exec, even if safe_mode setting is enabled.

Test Code:

<?php
if ( ini_get ('safe_mode') > 0 ) {
    shell_exec('ls -al');
}
?>

Expected Result:

Warning: Cannot execute using backquotes in Safe Mode in test.php on line 3

Actual Result:

Total 232
drwxr-xr-x  5 root root  4096 2017-01-10 04:21 .
drwxr-xr-x 12 root root  4096 2017-01-10 04:21 ..
drwxr-xr-x  8 root root  4096 2017-01-10 04:02 .git
-rw-r--r--  1 root root   292 2016-06-19 22:56 .gitignore
-rw-r--r--  1 root root  8273 2016-06-23 04:21 README.ko.md
-rw-r--r--  1 root root  7215 2017-01-10 00:50 README.md
-rw-r--r--  1 root root    39 2017-01-10 04:21 a.php
-rw-r--r--  1 root root   749 2017-01-10 00:50 config.m4
-rw-r--r--  1 root root 12525 2017-01-10 01:59 execdirapi.c
-rw-r--r--  1 root root  1580 2017-01-10 00:50 execdirapi.h
-rw-r--r--  1 root root   313 2016-06-19 22:56 init.sh
-rw-r--r--  1 root root  3396 2017-01-10 04:01 package.xml
drwxr-xr-x  2 root root  4096 2017-01-10 00:50 patches
-rw-r--r--  1 root root 23415 2017-01-10 03:59 php_execdir.c
-rw-r--r--  1 root root  3026 2017-01-10 00:50 php_execdir.h
-rw-r--r--  1 root root 26721 2016-06-19 22:56 proc_open.c
-rw-r--r--  1 root root 27951 2016-06-20 02:22 proc_open5.c
-rw-r--r--  1 root root 29271 2016-06-20 04:01 proc_open53.c
-rw-r--r--  1 root root 34410 2017-01-10 02:32 tags
drwxr-xr-x  2 root root  4096 2017-01-10 03:16 tests

Currently, mod_screwim does not issue a compile warning message.
We will add the -Wall option.

If the command contains a slash, the DEBUG mark is ignored.

for example:

<?php
system ('DEBUG:ls -al');
system ('DEBUG:/bin/ls -al');
?>

Expected messages:

[root@host ~]$ php test.php
p **> ls -al
p ==> /var/lib/php/bin/ls -al
--
sh: /var/lib/php/bin/ls: No such file or directory
p **> ls -al
p ==> /var/lib/php/bin/ls -al
--
sh: /var/lib/php71/bin/ls: No such file or directory

Current messages:

[user@host ~]$ php test.php
p **> ls -al
p ==> /var/lib/php/bin/ls -al
--
sh: /var/lib/php/bin/ls: No such file or directory
sh: /var/lib/php/bin/ls: No such file or directory
[user@host ~]$

In the function "get_command_from_array" in proc_open.c, argument string check is performed in get_valid_arg_string, but there is a problem of duplicating once more.

    ZEND_HASH_FOREACH_VAL(array, arg_zv) {
        zend_string *arg_str = get_valid_arg_string(arg_zv, i + 1);
        if (!arg_str) {
            /* Terminate with NULL so exit_fail code knows how many entries to free */
            (*argv)[i] = NULL;
            if (command != NULL) {
                efree(command);
            }
            return NULL;
        }

        if (i == 0) {
#ifdef HAVE_EXECDIR
            if (strlen(ZSTR_VAL(arg_str)) != ZSTR_LEN(arg_str)) {
                php_error_docref(NULL, E_WARNING, "NULL byte detected. Possible attack");
                return NULL;
            }
            {
                char * jcommand = get_jailed_shell_cmd (ZSTR_VAL(arg_str));
                if (jcommand == NULL)
                    return NULL;
                command = estrdup(jcommand);
                efree (jcommand);
            }
#else
            command = estrdup(ZSTR_VAL(arg_str));
#endif
        }

        (*argv)[i++] = estrdup(ZSTR_VAL(arg_str));
        zend_string_release(arg_str);
    } ZEND_HASH_FOREACH_END();

Bug Environments

• Product Version : 1.0.6
• PHP Version: < 7.0.0
• PHP SAPI: ALL

Describe the bug

There is a bug in the PHP bug #79182 patch modified in 1.0.6.

In an environment less than PHP 7, when the third env_var arrangement factor of the pcntl_exec function is given, an error occurs unconditionally as follows.

$r = pcntl_exec ("/bin/cat", array ($datafile), array ('ABC' => 'TEST'));

Results of execution:

Fatal error: pcntl_exec(): The element length or key length is greater than -1. in /root/work/github/php/mod_execdir/tests/007-pcntl_exec-normal.php on line 10

This error occurs due to the following code (patch 3257a2d):

To Reproduce

Steps to reproduce the behavior:

[root@host ~]# ./configure && make
[root@host ~]# php -n -d 'track_errors=1' -d 'extension_dir=./modules/' -d 'extension=execdir.so' <<-EOL
<?php
$r = pcntl_exec ("/bin/cat", array ($datafile), array ('ABC' => 'TEST'));
?>
EOL

Expected behavior

No failure on result of upper reproduced action

If you run a shell command after a semicolon, there is a problem that the backticks or $() syntax is not filtered.

for examples:

<?php
exec('ls -al;$(echo "hi" > /tmp/c.txt)');
exec('ls -al;`echo "hi"  > /tmp/d.txt`');
exec('ls -al;`ps aux     > /tmp/e.txt`');
?>

This bug is reported by 강윤중<[email protected]> at https://oops.org/SERVICE/jsboard/read.php?table=jsboard_oopsQnA&no=53500

need test follow case:

<?php
$a = `/bin/cat /etc/hosts`;
echo $a;
?>

version update 1.0.3

Bug Environments

• Product Version : 1.0.5
• PHP Version: PHP 5.x (all minor version)
• PHP SAPI: all

Describe the bug

Occurs build failure with follow error on PHP 5.x

/root/work/github/php/mod_execdir/php_execdir.c: In function ‘safe_hook_execdir’:
/root/work/github/php/mod_execdir/php_execdir.c:204:70: error: macro "zend_hash_del" requires 3 arguments, but only 2 given
   zend_hash_del (CG (function_table), EXEC_STRING (p->orig_func)  + 1);
                                                                      ^
/root/work/github/php/mod_execdir/php_execdir.c:204:3: error: ‘zend_hash_del’ undeclared (first use in this function)
   zend_hash_del (CG (function_table), EXEC_STRING (p->orig_func)  + 1);
   ^
/root/work/github/php/mod_execdir/php_execdir.c:204:3: note: each undeclared identifier is reported only once for each function it appears in
make: *** [php_execdir.lo] Error 1

To Reproduce

Steps to reproduce the behavior:

1. phpize (for php 5.x)
2. make

Expected behavior

no build error

Additional context

EXEC_STRING constant does not extend because end_hash_del is constant.

Problem:
When adding "2>&1" to exec argument, it causes commands to fail

How to reproduce problem:
execdir.ini setting:
extension = execdir.so
exec_dir = /etc/run

php code:
$a = "/etc/run/pngquant '--force' '--ext=.png' '--' '/testimage/a.png' 2>&1";
print exec($a);

error:
fails with
sh: /etc/run/: ambiguous redirect

workaround:
currently must delete "2>&1"
$a = "/etc/run/pngquant '--force' '--ext=.png' '--' '/testimage/a.png'";
print exec($a);
will work

In apache virtual host, can't change value of the exec_dir option with php_admin_value directive.

<VirtualHost *:80>
    ServerName domain.com
    blah blah~~~~

    php_admin_value exec_dir /var/lib/php/domain.com/bin
</VirtualHost>

Current, the value of exec_dir option only can be changed with php ini configuration.

check php 7.2 support and confirm code of proc_open

No problem with php 7.1.11-1

However when trying to use with php 5.6.32-1
The most recent version shows the following error when running php:

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/execdir.so' - /usr/lib64/php/modules/execdir.so: undefined symbol: zend_hash_str_del in Unknown on line 0

확장 모듈 유용하게 잘 사용하고 있습니다.
사용중 절대 경로 문제가 발견 되어 문의 드립니다.

서버 설정

  <IfModule php5_module>
    php_admin_value exec_dir /home/user/bin
  </IfModule>

php 실행

echo exec('DEBUG:/testbin/command1');

php 실행 결과

-- make_cmdargv ------
Origianl : DEBUG:/testbin/command1
cmd      : /testbin/command1 (16)
argv     :  (0)
----------------------

Orig Cmd ==> command1
Conv Cmd ==> /home/user/bin/command1
--

exec_dir 경로로 지정한 디렉토리 이하의 서브디렉토리에 있는 command를 실행 하려고 합니다.
디버깅을 해보니 /testbin/ 서브디렉토리명이 삭제된 상태로 명령어가 실행이 됩니다.
Conv Cmd가 /home/user/bin/testbin/command1 로 실행을 할 수 있는 방법은 없을까요?

감사합니다.

_Expected result:
The hooking of pcntl extension is not possible on mod_execdir because of static global variable (_le_pcntl).

So, apart Create the mod_jailed_pcntl extension.

_Actual result_:
return string "pcntl_exec"

Execution Environments:

• PHP Version : 7.3
• PHP SAPI: All

Issue description:

Supprot patch for PHP 7.3 (It does not matter mod_execdir).

This patch does not use the mod_execdir function as an extension, but rather a direct patch to PHP.

It does not check the actual build results of source patch files in patches.

You need to make sure there's no problem.

Hello:

First of all, thanks so much for your efforts at building up this perfectly useful extension... Highly appreciated.

I have errors along with my config:

• php 7.1 FPM

• php config maybe related: disable_functions: exec,passthru,shell_exec,system,show_source,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals

• opcache on.

• mod_execdir built up and configured as dynamic extension for php.

• We are using "wkhtmltopdf" to build up pdfs.

• Also "/vendor/mikehaertl/phpwkhtmltopdf" libraries to call it and execute from PHP.

Problem is:

• First execution, pdf is generated and downloaded perfectly... feels like if there is no problem at all.
• Following executions always give error:

<b>Fatal error</b>:  Uncaught Error: Call to undefined function mikehaertl\shellcommand\proc_close() in /home/xxxxxxxxx/public_html/vendor/mikehaertl/php-shellcommand/src/Command.php:322
Stack trace:
#0 /home/xxxxxxxxx/public_html/vendor/mikehaertl/phpwkhtmltopdf/src/Pdf.php(270): mikehaertl\shellcommand\Command-&gt;execute()
#1 /home/xxxxxxxxx/public_html/vendor/mikehaertl/phpwkhtmltopdf/src/Pdf.php(178): mikehaertl\wkhtmlto\Pdf-&gt;createPdf()
#2 /home/xxxxxxxxx/public_html/test.php(21): mikehaertl\wkhtmlto\Pdf-&gt;send()
#3 {main}
  thrown in <b>/home/xxxxxxxxx/public_html/vendor/mikehaertl/php-shellcommand/src/Command.php</b> on line <b>322</b><br />

Then some testing....

• if just current php thread process die, the next execution will run ok.
• if you try it and it creates a new php thread, the execution will be ok same way.
• if you reload or restart php, the php thread will be of course new, and the execution will be fine.

It just appears to cause error only when re-using a php-fpm existing thread.

Piece of code around the path /home/xxxxxxxxx/public_html/vendor/mikehaertl/php-shellcommand/src/Command.php:322 is:

            $descriptors = array(
                1   => array('pipe','w'),
                2   => array('pipe', $this->getIsWindows() ? 'a' : 'w'),
            );
            $process = proc_open($command, $descriptors, $pipes, $this->procCwd, $this->procEnv, $this->procOptions);

            if (is_resource($process)) {

                $this->_stdOut = stream_get_contents($pipes[1]);
                $this->_stdErr = stream_get_contents($pipes[2]);
                fclose($pipes[1]);
                fclose($pipes[2]);

                $this->_exitCode = proc_close($process);

                if ($this->_exitCode!==0) {
                    $this->_error = $this->_stdErr ? $this->_stdErr : "Failed without error message: $command";
                    return false;
                }
            } else {
                $this->_error = "Could not run command $command";
                return false;
            }

The line causing error is:

$this->_exitCode = proc_close($process);

Uncaught Error: Call to undefined function mikehaertl\shellcommand\proc_close()

Well.....

If I disable, dynamic exec_dir extension, no problem appears at all... will be fine.

Thanks so much for your interest!

--

Gino

Bug Environments

• Product Version : 1.0.5
• PHP Version: 8.1.1
• PHP SAPI: cli

Describe the bug

Intermittent error of proc_open_re function:
The data type of the "command" member of the "php_process_handle" structure changes from (char *) to (zend_string *) from 8.1.0 and later, resulting in intermittent malfunctions.

8.0.0:

typedef struct _php_process_handle {
    php_process_id_t    child;
#ifdef PHP_WIN32
    HANDLE childHandle;
#endif
    int npipes;
    zend_resource **pipes;
    char *command;
    php_process_env env;
} php_process_handle;

8.1.0:

typedef struct _php_process_handle {
    php_process_id_t    child;
#ifdef PHP_WIN32
    HANDLE childHandle;
#endif
    int npipes;
    zend_resource **pipes;
    zend_string *command;
    php_process_env env;
} php_process_handle;

To Reproduce

Steps to reproduce the behavior:

1. phpize81 && ./configure && make

   /root/work/php/ext/zzz/proc_open.c: In function 'zif_proc_get_status_re':
   /root/work/php/ext/zzz/proc_open.c:390:2: warning: passing argument 4 of 'add_assoc_string_ex' from incompatible pointer type [enabled by default]
     add_assoc_string(return_value, "command", proc->command);
     ^
   In file included from /opt/php-qa/php81/include/php/main/php.h:35:0,
                    from /root/work/php/ext/zzz/proc_open.c:23:
   /opt/php-qa/php81/include/php/Zend/zend_API.h:502:15: note: expected 'const char *' but argument is of type 'struct zend_string *'
    ZEND_API void add_assoc_string_ex(zval *arg, const char *key, size_t key_len, const char *str);
                  ^
   /root/work/php/ext/zzz/proc_open.c: In function 'zif_proc_open_re':
   /root/work/php/ext/zzz/proc_open.c:1282:16: warning: assignment from incompatible pointer type [enabled by default]
     proc->command = command;
                   ^

2. make test PHP_EXECUTABLE=/usr/bin/php81

Expected behavior

No build warning and always success make test

see also php/php-src#1588