I've written my first PHP web page and was hoping I could get someone
with more security knowledge than me to throw in a comment or two.
Here's the source:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
print "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"
\"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n".
"<html>\n".
"<head>\n".
"<meta http-equiv=\"Content-Type\" content=\"text/html\;
charset=iso-8859-1\"/>\n".
"<title>scottjohnson.us - what is my IP?</title>\n".
"<link href=\"style.css\" rel=\"stylesheet\"
type=\"text/css\"/>\n".
"</head>\n".
"<body>\n".
"<div class=\"header1\">Your IP address is:<br/><br/></div>\n".
"<div class=\"ip\"><b>".$ip."</b><br/><br/></div>\n".
"<div><hr/><br/><br/></div>\n".
"<div class=\"header1\">Your host name is:<br/><br/></div>\n".
"<div
class=\"ip\"><b>".gethostbyaddr($ip)."</b><br/><br/></div>\n".
"<div><hr/><br/><br/></div>\n".
"<div class=\"header1\">Traceroute:<br/><br/></div>\n".
"<div class=\"trace\"><b><pre>".shell_exec ("traceroute
$ip")."</pre></b><br/><br/></div>\n".
"<div><br/><br/></div>\n".
"<div class=\"w3c\"><img style=\"w3c\"
src=\"http://www.w3.org/Icons/valid-xhtml11\" alt=\"Valid XHTML 1.1!\"
/> <img style=\"w3c\"
src=\"http://jigsaw.w3.org/css-validator/images/vcss\" alt=\"Valid
CSS!\" /></div>\n".
"</body>\n".
"</html>\n";
shell_exec ("killall -q traceroute");
?>
my question.... what security concerns should I have with the call
"shell_exec ("traceroute $ip")"? I would image this is getting
executed with the privileges of my Apache user - is this a good thing?
Is there a better way to call this traceroute command?
Any comments/suggestions appreciated. Like I said, this is my first
PHP script - working on converting over my ASP sites to PHP, and this
code alone took me an hour.
Scott
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Mar 13 15:22:39 2004
This archive was generated by hypermail 2.1.8 : Sat Mar 13 2004 - 15:22:39 AKST