CODEWITHSUNDEEP
phpposixexecsetuidproc-open
Ron
Ron

Reputation: 13

PHP: posix_seteuid() and posix_setuid() not reflected in exec() or proc_open()?

When using exec() or proc_open() after posix_seteuid() or posix_setuid() I expected the resulting process to run as the UID I set inside the running script. This does not happen.

is this how it's supposed to work? I've worked around this by changing the user on the executed commandline, but it just seems like a security hole to change the UID and have exec() and proc_open() run things as root anyway.

Google searching has turned up nothing on this subject.

<?php
if (false === posix_setgid(1000)) echo "Could not setgid\n";
if (false === posix_setuid(1000)) echo "Could not setuid\n";
echo posix_getpwuid(posix_getuid())['name']."\n";
echo exec('echo $USER')."\n";

Was expecting:
# php test
ron
ron

Got instead:
# php test
ron
root

Upvotes: 1

Views: 55

Answers (2)

shingo
shingo

Reputation: 27341

You should execute id -u or whoami command to inspect the current user. $USER is an environment variable which is initialized by the login command (see Who sets $USER and $USERNAME environment variables?). setuid or seteuid only changes the uid of the process.

Upvotes: 2

Kamyar Safari
Kamyar Safari

Reputation: 446

It's because the exec() and proc_open() functions don't respect the changes made to the user ID (UID) or group ID (GID) with posix_setuid() and posix_setgid() within the PHP script.

You'll need to run the PHP script with the desired user privileges from the start, or explicitly specify the user in the command line

OR

You can use another methods like sudo to control the user under which the command runs.

Upvotes: -1

Related Questions