Security in an process started with exec
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.lang.php archive

Security in an process started with exec

From: a <xxxxxxx@pacbell.net>
Date: Wed Jan 18 2006 - 23:06:58 CET



Hi,



The php script that processes user input from a form, starts a new process 


using exec. In my case, the process may contain arbitrary, user defined 


functionality. How do I ensure that that process doesn't do any harm? Is 


there a way to define a sort of sandbox that the process can run in, so it 


won't be able to access any unauthorized resources, or do some other damage 


to the server?



I am running PHP 5.1.2 on Apache 2, on Win XP Pro.



Thanks,



A 


Received on Thu Jan 19 03:51:37 2006