Given that the user that apache is running as on my server is a real user and has a home directory with a .history file, will running commands via exec() cause entries to be made in that file?
For example if I run exec("whoami") and I login as that user and run the command history will I see an entry in that history for the whoami command?
Advertisement
Answer
No.
michael@MacMichi:~ $ php -r 'exec("whoami");'
michael@MacMichi:~ $ history |tail -n3
506 history |tail -n3
507 php -r 'exec("whoami");'
508 history |tail -n3
And for the apache case: i tried it out, two years ago (2012), and saw that it didn’t have any impact on the history. Just try it out if you are not sure…
Just a sidenote… the command is indeed interpreted by the shell, as you can see with this simple example
$ php -r 'exec("echo foo $(bar2 jojo) go >/dev/tty");'
sh: bar2: command not found
foo go
that’s exactly the same output, as when I do this on the command line directly
$ echo foo $(bar2 jojo) go >/dev/tty -bash: bar2: command not found foo go
The important point here is, that the shell only adds commands to the history if it is in “interactive mode”. When you do something like cat|bash or bash -c $exec_command, no history entry is created. That’s what exec() does, btw. It is a call like the C command execl("/bin/sh", "-c", exec_command, NULL);