Bug #11941 (closed)
Many ``exec()`` functions do not use full path to executable files
Start date: 05/20/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 22.05
Release Notes: Default
Affected Version:
Affected Architecture:
Description
Here's a list:
etc/inc/system.inc: mwexec("cat /tmp/gps.init > {$serialport}");
etc/inc/system.inc: mwexec("nohup /etc/rc.reboot > /dev/null 2>&1 &");
etc/inc/interfaces.inc: exec("$chan_list | $stack_list | sort -u | $format_list 2>&1", $interface_channels);
etc/inc/service-utils.inc: mwexec_bg("service pcscd onestart");
etc/inc/service-utils.inc: mwexec_bg("service pcscd onestop");
etc/pfSense-rc.shutdown:find -x /tmp/* -type f -exec rm -f {} \; >/dev/null 2>&1
etc/rc.bootup: exec("logger -f /var/log/restore_ramdisk_store.boot");
etc/phpshellsessions/gitsync: exec("find /tmp -name \"php-fastcgi.socket*\" -exec rm -rf {} \;");
etc/phpshellsessions/gitsync: exec("find /tmp -name \"*.tmp\" -exec rm -rf {} \;");
etc/phpshellsessions/gitsync: exec("rm -rf /tmp/xcache/* 2>/dev/null");
etc/phpshellsessions/gitsync: exec("pfctl -f /tmp/rules.debug");
etc/phpshellsessions/gitsync: mwexec_bg("sh /tmp/restart_nginx");
etc/phpshellsessions/gitsync: exec("rm -rf /root/pfsense/mainline");
etc/phpshellsessions/gitsync: exec("rm -rf /root/pfsense/RELENG_1_2");
etc/phpshellsessions/gitsync: exec("rm -rf /root/pfsense/HEAD");
etc/phpshellsessions/gitsync: exec("tar Uxpf /root/cvssync_backup.tgz -C /");
etc/phpshellsessions/gitsync: exec("tar czPf /root/cvssync_backup.tgz --exclude /root --exclude /dev --exclude /tmp --exclude /var/run --exclude /var/empty /");
etc/phpshellsessions/gitsync: exec("mkdir -p $CODIR/pfSenseGITREPO");
etc/phpshellsessions/gitsync: exec("mv $CODIR/pfSenseGITREPO/pfSense $CODIR/pfSenseGITREPO/pfSenseGITREPO");
etc/phpshellsessions/gitsync: exec("mv $CODIR/pfSenseGITREPO/mainline $CODIR/pfSenseGITREPO/pfSenseGITREPO");
etc/phpshellsessions/gitsync:exec("rm -rf {$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/conf*");
etc/phpshellsessions/gitsync:exec("rm -rf {$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/cf 2>/dev/null");
usr/local/pfSense/include/www/diag_arp.inc: exec("host -W 1 " . escapeshellarg($ip), $output);
usr/local/www/diag_packet_capture.php: exec("kill $process_id");
usr/local/www/diag_arp.php: $ret = mwexec("arp -d " . $_POST['deleteentry'], true);
usr/local/www/firewall_shaper_queues.php: mwexec("killall -9 pfctl");
usr/local/www/diag_sockets.php: $internet4 = shell_exec('sockstat -4');
usr/local/www/diag_sockets.php: $internet6 = shell_exec('sockstat -6');
usr/local/www/diag_sockets.php: $internet4 = shell_exec('sockstat -4l');
usr/local/www/diag_sockets.php: $internet6 = shell_exec('sockstat -6l');
usr/local/www/widgets/widgets/rss.widget.php: exec("chmod a+rw /tmp/simplepie/.");
usr/local/www/widgets/widgets/rss.widget.php: exec("chmod a+rw /tmp/simplepie/cache/.");
usr/local/www/widgets/widgets/smart_status.widget.php: $dev_ident = exec("diskinfo -v /dev/$dev | grep ident | awk '{print $1}'"); ## get identifier from drive
usr/local/www/widgets/widgets/smart_status.widget.php: $dev_state = trim(exec("smartctl -H /dev/$dev | awk -F: '/^SMART overall-health self-assessment test result/ {print $2;exit}
usr/local/www/system_update_settings.php: exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git branch", $output_str);
usr/local/www/system_update_settings.php: exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git config remote.origin.url", $output_str);
usr/local/www/firewall_shaper.php: mwexec("killall -9 pfctl php");
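A static check for the pattern this ticket lists, as an added example (not pfSense code): it scans PHP source lines for `exec()`, `shell_exec()`, `mwexec()` and `mwexec_bg()` calls and reports every command in the literal string, including later pipeline stages, that the shell would have to resolve through `PATH`. The sample lines are taken from the listing above except the last, which is constructed; the builtin allow-list and the function names `relative_commands` and `scan` are assumptions of this example.

```python
import re

# PHP helpers seen in the ticket's listing that pass a string to the shell.
CALL = re.compile(r'''\b(exec|shell_exec|mwexec|mwexec_bg)\(\s*(["'])(.*?)(?<!\\)\2''')
SEPARATORS = re.compile(r"\|\||&&|[|;]")  # pipeline and list operators
BUILTINS = {"cd", "echo", "exit", "export", "set", "test"}  # assumed allow-list

def relative_commands(shell_string):
    """Return command names in a shell string that PATH would have to resolve."""
    # Drop single-quoted arguments (awk programs etc.) so operators inside
    # them are not mistaken for pipeline separators.
    unquoted = re.sub(r"'[^']*'", "''", shell_string)
    found = []
    for part in SEPARATORS.split(unquoted):
        words = part.split()
        if not words:
            continue
        cmd = words[0]
        # Absolute paths are fine; PHP variables cannot be judged statically.
        if cmd.startswith(("/", "$", "{$")) or cmd in BUILTINS:
            continue
        found.append(cmd)
    return found

def scan(php_source):
    """Return (line_number, php_function, command) for each relative command."""
    findings = []
    for number, line in enumerate(php_source.strip().splitlines(), start=1):
        for match in CALL.finditer(line):
            for cmd in relative_commands(match.group(3)):
                findings.append((number, match.group(1), cmd))
    return findings

# Lines 1-7 come from the ticket's listing; line 8 is constructed to show a
# call that already uses an absolute path.
SAMPLE = r'''
mwexec("cat /tmp/gps.init > {$serialport}");
exec("$chan_list | $stack_list | sort -u | $format_list 2>&1", $interface_channels);
exec("find /tmp -name \"*.tmp\" -exec rm -rf {} \;");
exec("host -W 1 " . escapeshellarg($ip), $output);
$dev_ident = exec("diskinfo -v /dev/$dev | grep ident | awk '{print $1}'");
exec("cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO && git branch", $output_str);
$internet4 = shell_exec('sockstat -4');
mwexec("/sbin/pfctl -f /tmp/rules.debug");
'''

if __name__ == "__main__":
    for number, func, cmd in scan(SAMPLE):
        print(f"line {number}: {func}() runs '{cmd}' without a full path")
```

Commands that begin with a PHP variable are skipped rather than flagged, so those call sites still need a manual look.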
Updated by Viktor Gurov about 3 years ago
Updated by Jim Pingle about 3 years ago
- Status changed from New to Pull Request Review
- Assignee set to Viktor Gurov
- Target version set to CE-Next
- Plus Target Version set to Plus-Next
Updated by Jim Pingle almost 3 years ago
- Subject changed from Many exec() functoins don't use full path to executable files to Many exec() functions don't use full path to executable files
Updated by Viktor Gurov almost 3 years ago
- Status changed from Pull Request Review to Feedback
Merged
Updated by Jim Pingle almost 3 years ago
- Target version changed from CE-Next to 2.7.0
- Plus Target Version changed from Plus-Next to 22.05
Updated by Jim Pingle over 2 years ago
- Subject changed from Many exec() functions don't use full path to executable files to Many ``exec()`` functions do not use full path to executable files
Updating subject for release notes.
Updated by Reid Linnemann over 2 years ago
- Status changed from Feedback to Resolved