Hello. Faced the following task - you need to compile a project written in C ++ from under PHP.

Googled, stumbled upon this: Compiling C ++ and PHP

Ie, as I understand it, all that’s worth is that calling G ++ through system() or exec() , and something like this will be released:

 $out = exec(g++ $proj -o $o);

But I would like to clarify the following - how dangerous can this approach be? Moreover, the project code is almost completely static and changes minimum information before compiling.

Interesting expert opinion, in general.

  • If the word project is used , it is more appropriate to invoke make . - avp
  • Hm And in what sense is “dangerous”? Tell us your threat model. Do you have a code delivered by a potentially malicious user? - VladD

1 answer 1

Well, it is necessary to secure the variables #proj and $o this anyway, although linux will not give access if $proj = /etc/myproj , and the program code itself takes the passwd file, for example, this is not safe, you go very thin ice, there are a lot of vulnerabilities. And first of all, configure file permissions, then close any possibility to change these permissions.

  • And for python there is something like virtualenv, maybe for php you will find, its essence is that it creates its own environment in any folder, the settings of which will not depend on the system ones and change separately, this is, of course, more used for project management, but you may need it in this way. - OlegUP