function exec .. again

Skin

Joined: 2003-05-06
Posts: 21

Posted: Mon, 2005-09-26 15:50

My host disabled the function exec some weeks ago, I read the documentation, the forum and faq and I know that I need exec function to run gallery 1, so i asked them to make this function available again and they did it.

Now they disabled again this function saing again that it's very unsafe to make exec available because exec and shell exec make everyone free to execute what they like,and this is very unsafe .... pratically they are sayng that software that requires exec function makes the server unsafe.

They olso say that a software like gallery don't really need to use the exec function, ....(is it really possible?)

I'd like to know the security problems with this function, if I understand well the problem is that in a shared hosting with exec enabled someone can install dangerous and malicious software? If this is correct the only way to have a secure environment and the exec function enabled is to have a private server and to know what script are running on the server?

Thanks
Alessio

Login or register to post comments

h0bbel

Joined: 2002-07-28
Posts: 13451

Posted: Mon, 2005-09-26 16:28

Gallery has to use exec() to call the NetPBM or ImageMagick binaries so it can create thumbnails. Gallery 2 can use GD (internal PHP function) to do it though, so that might be a more viable solution for you.

h0bbel - Gallery Team
If you found my help useful, please consider donating to Gallery
http://h0bbel.p0ggel.org

Login or register to post comments

Skin

Joined: 2003-05-06
Posts: 21

Posted: Tue, 2005-09-27 17:21

h0bbel wrote:

Gallery has to use exec() to call the NetPBM or ImageMagick binaries so it can create thumbnails. Gallery 2 can use GD (internal PHP function) to do it though, so that might be a more viable solution for you.

Done I installed G2 and I made a theme to integrate G2 on my site http://www.web-design.pointnet.it/gallery/v/, I'm very happy with G2, I only can immagine how much did you work on this project.

But in some sites I must use G1, and this sites stopped working with exec function disabled.

Is there a way to make G1 working with GD or with exec function disabled.

Thanks

Login or register to post comments

h0bbel

Joined: 2002-07-28
Posts: 13451

Posted: Tue, 2005-09-27 18:05

No, there is no way to get G1 running with GD or without exec.

h0bbel - Gallery Team
If you found my help useful, please consider donating to Gallery
http://h0bbel.p0ggel.org

Login or register to post comments

Hetti

Joined: 2006-06-13
Posts: 4

Posted: Wed, 2006-06-14 10:44

h0bbel wrote:

Gallery has to use exec() to call the NetPBM or ImageMagick binaries so it can create thumbnails. Gallery 2 can use GD (internal PHP function) to do it though, so that might be a more viable solution for you.

Hello there,
could you explain or post a link to a tutorial how to use this "GD" because my provider also disabled the exec() function.
Thx

Login or register to post comments

h0bbel

Joined: 2002-07-28
Posts: 13451

Posted: Wed, 2006-06-14 11:08

Gallery 2 supports using GD (PHP based image manipulation). More info @ http://codex.gallery2.org/index.php/Installing_an_Image_Processing_Library#GD

h0bbel - Gallery Team
If you found my help useful, please consider donating to Gallery
http://h0bbel.p0ggel.org

Login or register to post comments

Hetti

Joined: 2006-06-13
Posts: 4

Posted: Wed, 2006-06-14 11:23

Thank you for your fast answer. My provider already compiled a PHP with GD included, so i just deactivated ImageMagick and NETBPM in the site-administration and activated GD as image processing tool.

Greets
Hetti

Login or register to post comments

Skin Joined: 2003-05-06 Posts: 21	Posted: Mon, 2005-09-26 15:50
	My host disabled the function exec some weeks ago, I read the documentation, the forum and faq and I know that I need exec function to run gallery 1, so i asked them to make this function available again and they did it. Now they disabled again this function saing again that it's very unsafe to make exec available because exec and shell exec make everyone free to execute what they like,and this is very unsafe .... pratically they are sayng that software that requires exec function makes the server unsafe. They olso say that a software like gallery don't really need to use the exec function, ....(is it really possible?) I'd like to know the security problems with this function, if I understand well the problem is that in a shared hosting with exec enabled someone can install dangerous and malicious software? If this is correct the only way to have a secure environment and the exec function enabled is to have a private server and to know what script are running on the server? Thanks Alessio
	Login or register to post comments XUser login Username: * Password: * Create new account Request new password
h0bbel Joined: 2002-07-28 Posts: 13451	Posted: Mon, 2005-09-26 16:28
	Gallery has to use exec() to call the NetPBM or ImageMagick binaries so it can create thumbnails. Gallery 2 can use GD (internal PHP function) to do it though, so that might be a more viable solution for you. h0bbel - Gallery Team If you found my help useful, please consider donating to Gallery http://h0bbel.p0ggel.org
	Login or register to post comments
Skin Joined: 2003-05-06 Posts: 21	Posted: Tue, 2005-09-27 17:21
	h0bbel wrote: Gallery has to use exec() to call the NetPBM or ImageMagick binaries so it can create thumbnails. Gallery 2 can use GD (internal PHP function) to do it though, so that might be a more viable solution for you. Done I installed G2 and I made a theme to integrate G2 on my site http://www.web-design.pointnet.it/gallery/v/, I'm very happy with G2, I only can immagine how much did you work on this project. But in some sites I must use G1, and this sites stopped working with exec function disabled. Is there a way to make G1 working with GD or with exec function disabled. Thanks
	Login or register to post comments
h0bbel Joined: 2002-07-28 Posts: 13451	Posted: Tue, 2005-09-27 18:05
	No, there is no way to get G1 running with GD or without exec. h0bbel - Gallery Team If you found my help useful, please consider donating to Gallery http://h0bbel.p0ggel.org
	Login or register to post comments
Hetti Joined: 2006-06-13 Posts: 4	Posted: Wed, 2006-06-14 10:44
	h0bbel wrote: Gallery has to use exec() to call the NetPBM or ImageMagick binaries so it can create thumbnails. Gallery 2 can use GD (internal PHP function) to do it though, so that might be a more viable solution for you. Hello there, could you explain or post a link to a tutorial how to use this "GD" because my provider also disabled the exec() function. Thx
	Login or register to post comments
h0bbel Joined: 2002-07-28 Posts: 13451	Posted: Wed, 2006-06-14 11:08
	Gallery 2 supports using GD (PHP based image manipulation). More info @ http://codex.gallery2.org/index.php/Installing_an_Image_Processing_Library#GD h0bbel - Gallery Team If you found my help useful, please consider donating to Gallery http://h0bbel.p0ggel.org
	Login or register to post comments
Hetti Joined: 2006-06-13 Posts: 4	Posted: Wed, 2006-06-14 11:23
	Thank you for your fast answer. My provider already compiled a PHP with GD included, so i just deactivated ImageMagick and NETBPM in the site-administration and activated GD as image processing tool. Greets Hetti
	Login or register to post comments

function exec .. again

XUser login