[wp-trac] [WordPress Trac] #37978: Warning: posix_getpwuid() has been disabled for security reasons

WordPress Trac noreply at wordpress.org
Thu Sep 8 16:43:20 UTC 2016 

#37978: Warning: posix_getpwuid() has been disabled for security reasons
----------------------------+------------------------------
 Reporter:  AndyDeGroo      |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Filesystem API  |     Version:  4.6.1
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+------------------------------

Comment (by AndyDeGroo):

 I create a test script to see if `function_exists()` really returns true
 for disabled funtions:
 {{{#!php
 <?php
 $disabled_functions = ini_get('disable_functions');

 echo "disable_functions = $disabled_functions\n\n";

 $disabled_functions = explode(",", $disabled_functions);

 foreach( $disabled_functions as $function ) {
         $function = trim($function);
         printf( "function_exists('%s') => %s\n", $function, (
 function_exists($function) ? 'true' : 'false' ) );
 }
 }}}


 The results are even more confusing. Same host, same configuration but all
 checks return `false`:

 {{{
 disable_functions = exec, passthru, shell_exec, system, proc_open, popen,
 apache_child_terminate, apache_setenv, define_syslog_variables,
 pcntl_exec, openlog, posix_getpwuid, posix_kill, posix_setpgid,
 posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close,
 proc_get_status, proc_open, proc_terminate, syslog

 function_exists('exec') => false
 function_exists('passthru') => false
 function_exists('shell_exec') => false
 function_exists('system') => false
 function_exists('proc_open') => false
 function_exists('popen') => false
 function_exists('apache_child_terminate') => false
 function_exists('apache_setenv') => false
 function_exists('define_syslog_variables') => false
 function_exists('pcntl_exec') => false
 function_exists('openlog') => false
 function_exists('posix_getpwuid') => false
 function_exists('posix_kill') => false
 function_exists('posix_setpgid') => false
 function_exists('posix_setsid') => false
 function_exists('posix_setuid') => false
 function_exists('posix_setuid') => false
 function_exists('posix_uname') => false
 function_exists('proc_close') => false
 function_exists('proc_get_status') => false
 function_exists('proc_open') => false
 function_exists('proc_terminate') => false
 function_exists('syslog') => false
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37978#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list