PHP exec security
so I was bored and wanted to create a small web interface for a few tasks. currently, I'm using POST to get arguments and then PHP's exec() to run a small shell script.
the scripts are all in password-protected directories, so I'm not terribly worried about them actually being abused, but I'm curious as to the best way to protect against command injection.
here's an example:
$cmd = "/$somepath/passwd.sh ".$username." ".$password." ".$new_password;
exec($cmd, $output, $return);
if I feed it the arguments 'someuser;' 'ls' and '/', it will actually do an 'ls' and return the output. I havent found any other commands that return output, but invalid input definitely boggles the shellscript's return code, which the PHP script uses for error handling. is there a way to deal with this kind of attack? is there a less kludgy way of solving this problem?
passwd $1 <<EOF
This is REALLY insecure code indeed.
As people can execute anything.
Its better to not use exec at all but if you really do want to use it FILTER everything.
oh yes. I'm aware of how terrifyingly insecure it is.
any thoughts on a less insane way of doing it?
Translate the .sh to php.