Skip to content
Advertisement

PHP’s exec() Function and the .history File

Given that the user that apache is running as on my server is a real user and has a home directory with a .history file, will running commands via exec() cause entries to be made in that file?

For example if I run exec("whoami") and I login as that user and run the command history will I see an entry in that history for the whoami command?

Advertisement

Answer

No.

michael@MacMichi:~ $ php -r 'exec("whoami");'
michael@MacMichi:~ $ history |tail -n3
  506  history |tail -n3
  507  php -r 'exec("whoami");'
  508  history |tail -n3

And for the apache case: i tried it out, two years ago (2012), and saw that it didn’t have any impact on the history. Just try it out if you are not sure…


Just a sidenote… the command is indeed interpreted by the shell, as you can see with this simple example

$ php -r 'exec("echo foo $(bar2 jojo) go >/dev/tty");'
sh: bar2: command not found
foo go

that’s exactly the same output, as when I do this on the command line directly

$ echo foo $(bar2 jojo) go >/dev/tty
-bash: bar2: command not found
foo go

The important point here is, that the shell only adds commands to the history if it is in “interactive mode”. When you do something like cat|bash or bash -c $exec_command, no history entry is created. That’s what exec() does, btw. It is a call like the C command execl("/bin/sh", "-c", exec_command, NULL);

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement