23
Jun

How to Enabling a PHP function for one account ?

   Posted by: admin   in Server-Security

Add Comment

IF you disable PHP function in php.ini file and if you want to enable any particular function only one account .Then You can however use suhosin to enable a function for one domain only.

How can you do that ?

After installing suhosin, remove all functions from disable_functions in php.ini and add in php.ini suhosin.executor.func.blacklist = “exec,passthru,shell_exec” and all the functions that you whant to disable globally.
After that for each domain in the virtual host section you can add suhosin.executor.func.blacklist again but without the function that you need to enable. And so you will enable that function only for one domain.

Example:
<VirtualHost 127.0.0.1>
………..
………..
<IfModule mod_php4.c>
php_admin_value open_basedir “/usr/lib/php”
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir “/usr/lib/php”
php_admin_value suhosin.executor.func.blacklist = “passthru,shell_exec”
</IfModule>
…….
……
</VirtualHost>

In this example exec has been enabled for the VirtualHost.
This way it will be better as you do not neet to modify all the virtual hosts only the ones that you need to enable one or more functions.

Regard’s

Alex P

 

This entry was posted on Saturday, June 23rd, 2007 at 6:05 pm and is filed under Server-Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One comment

Adam Dempsey
 1 

Thanks for the great tip :) Exactly what I was looking for, as I didn’t want to have to re-enable shell_exec for the entire server.

July 7th, 2007 at 2:51 pm

Leave a reply

Name (*)
Mail (will not be published) (*)
URI
Comment
Back to top