- 07-24-2009 #1
PHP exec security
So I was bored and wanted to create a small web interface for a few tasks. Currently, I'm using POST to get arguments and then PHP's exec() to run a small shell script.
The scripts are all in password-protected directories, so I'm not terribly worried about them actually being abused, but I'm curious as to the best way to protect against command injection.
Here's an example:
PHP Code:
    // The three values come straight from the POST request and are concatenated
    // into the command line unquoted: this is the command injection point.
    $cmd = "/$somepath/passwd.sh ".$username." ".$password." ".$new_password;
    exec($cmd, $output, $return);
If I feed it the arguments 'someuser;' 'ls' and '/', it will actually do an 'ls' and return the output. I haven't found any other commands that return output, but invalid input definitely boggles the shell script's return code, which the PHP script uses for error handling. Is there a way to deal with this kind of attack? Is there a less kludgy way of solving this problem?
Code:
    # $1 = user, $2 = current password, $3 = new password (entered twice)
    passwd $1 <<EOF
    $2
    $3
    $3
    EOF
thanks,
-rb
- 08-22-2009 #2
- 08-22-2009 #3
Oh yes. I'm aware of how terrifyingly insecure it is.
Any thoughts on a less insane way of doing it?
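One way to close the injection described in the first post, as an added example that is not code from the thread: validate the username against a tight pattern, then pass every argument through escapeshellarg() so each one stays a single shell word. The script path, the regex and the function names are assumptions for illustration.

```php
<?php
// Added example (not from the thread): a hardened version of the exec() call
// in the first post. Path, regex and helper names are assumed for illustration.

// Reject anything that does not look like a plain Unix login name before it
// gets near a shell. Validation is the first line of defence, quoting the second.
function validUsername(string $user): bool
{
    return preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user) === 1;
}

// Each argument becomes exactly one shell word: escapeshellarg() wraps it in
// single quotes and escapes embedded single quotes, so a value such as
// "someuser;" can no longer terminate the command and start a second one.
function buildPasswdCommand(string $script, string $user, string $old, string $new): string
{
    return implode(' ', array_map('escapeshellarg', [$script, $user, $old, $new]));
}

// Runs the wrapper script and returns its exit status, which is now a reliable
// signal for error handling because no injected command can replace it.
function changePassword(string $script, string $user, string $old, string $new): int
{
    if (!validUsername($user)) {
        return 1;  // never invoke the shell on rejected input
    }
    // Caveat: arguments are visible in `ps` output on a shared host; feeding
    // the passwords to the wrapper on stdin instead of argv avoids that.
    exec(buildPasswdCommand($script, $user, $old, $new), $output, $status);
    return $status;
}

// Demonstration with the injection attempt from the first post (constructed
// input): the username is rejected, and even if it were not, the quoted
// command line carries four plain arguments rather than two commands.
var_dump(validUsername('someuser;'));
echo buildPasswdCommand('/srv/bin/passwd.sh', 'someuser;', 'ls', '/'), "\n";
```

On PHP 7.4 and later, proc_open() also accepts the command as an array, in which case no shell is involved at all and quoting becomes unnecessary.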
- 08-23-2009 #4