2

EDIT

It seems that I cannot cat /dev/urandom from a PHP script; please keep this in mind while reading the following.

/EDIT

I ran into an issue while trying to execute a Bash script from PHP. It seems to be halting at generating a rand directory (variable generate). If I change the variable string to something like foo, as I did in the commented-out portion of the script, it executes appropriately.

What is the issue with shell_exec'ing cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1? Is this (possibly) a command sequence restricted for the user(s) www-data (DEB-based system) or httpd (RHEL-based system)?

The bash script

#!/bin/bash

# INP : co.sh ${website} ${branch} ${hash}

set -x # trace

declare -r hostname='localhost'

# bricks
declare -r generate=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

# works
#declare -r generate='foo'

declare -r archive="$1" # git repository name
declare -r branchd="$2" # git repo branch name
declare -r hashmap="$3" # git blob hash (6/~)


# if repository or branch is empty...
if [ '' == "${archive}" ] || [ '' == "${branchd}" ]; then

   [ '' == "${archive}" ] &&  echo -e "ERR: Archive must be defined."
   [ '' == "${branchd}" ] &&  echo -e "ERR: Branch must be defined."

       exit 1 # err fatal
fi

    # clone repository to rand directory
    git clone "git@${hostname}:web-archive/${archive}.git" "/var/www/html/${generate}"
    cd "/var/www/html/${generate}" && git checkout "${branchd}"

    position='HEAD' # pre-warm

    [ '' != "${hashmap}" ] &&
    {
        git reset "${hashmap}" --hard   # move to hash blob
        position="${hashmap}"           # override position
    }

    # encode for push
    json="{'s':'${archive}','b':'${branchd}','h':'${position}','d':'${generate}'}"

echo -e "\nSUCC: ${json}"

The test runner script

#!/usr/bin/php
<?php

$dir=__DIR__; // curr

$site_name='www.foo.com';

$rev_hash='feb2da';

$cmd="$dir/co.sh " . escapeshellarg($site_name) . " 'render' " . escapeshellarg($rev_hash);

echo "running $cmd\n";
$ret = passthru($cmd, $return_status); // passthru() streams output; exit code lands in $return_status

trace log

running /{dir_path}/co.sh 'www.foo.com' 'render' 'feb2da'
+ declare -r hostname=localhost
++ cat /dev/urandom
++ fold -w 32
++ head -n 1
++ tr -dc a-zA-Z0-9
  • Are you running the script in the context of a PHP session? In such case, check part 2 of the answer to this question: stackoverflow.com/questions/13690490/… Commented Dec 3, 2013 at 19:22
  • @Claudix - that seems pretty Windows-specific. ehime - is the actual bash script failing when you try to run it, or only when run via that test runner? What error(s), if any, do you get? Commented Dec 3, 2013 at 19:24
  • Can you check the permissions of /dev/urandom? Commented Dec 3, 2013 at 19:25
  • 1
    Honestly, keeping the above in mind, I can use openssl rand -base64 36 | tr -dc 'a-zA-Z0-9' just as well without worrying about accessing /dev/urandom. Commented Dec 3, 2013 at 19:55
  • 1
    Haha. Actually, you should answer your own question; totally acceptable to do. Commented Dec 3, 2013 at 20:19

1 Answer

3

Due to PHP not liking to operate on /dev/urandom, the following is an acceptable compromise:

openssl rand -base64 36 | tr -dc 'a-zA-Z0-9'


1 Comment

lmao, completely worth the extra bandwidth ;)
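
A bounded-read version of the name generation discussed above, added here as an example and not code from the question or the answer. The answer's `openssl rand -base64 36 | tr -dc 'a-zA-Z0-9'` prints at most 48 characters and fewer whenever `+` or `/` are dropped, so this sketch collects chunks until it has exactly the length asked for; the function names `rand_chunk`, `rand_name` and `new_checkout_dir` are hypothetical, and the `/dev/urandom` fallback assumes `head -c` and `base64` from coreutils.

```shell
#!/bin/bash
# Added example (not from the original post): fixed-length random names
# built from bounded reads instead of an endless `cat /dev/urandom` pipe.

# rand_chunk: emit one finite chunk of characters from [a-zA-Z0-9].
# Uses `openssl rand -base64` as in the answer when available; the fallback
# reads a fixed 48 bytes with head -c, so every stage sees EOF on its own.
rand_chunk() {
    if command -v openssl >/dev/null 2>&1; then
        # 48 bytes -> 64 base64 chars; tr drops '+', '/' and newlines
        openssl rand -base64 48 | LC_ALL=C tr -dc 'a-zA-Z0-9'
    else
        head -c 48 /dev/urandom | base64 | LC_ALL=C tr -dc 'a-zA-Z0-9'
    fi
}

# rand_name [LEN]: print exactly LEN (default 32) alphanumeric characters.
# The filtered chunk length varies per run, so gather chunks until there
# are enough characters, then cut to the requested length.
rand_name() {
    local want="${1:-32}" out='' chunk
    case "$want" in
        ''|0*|*[!0-9]*) echo 'ERR: length must be a positive integer' >&2; return 2 ;;
    esac
    while [ "${#out}" -lt "$want" ]; do
        chunk=$(rand_chunk)
        [ -n "$chunk" ] || return 1   # random source failed; do not spin
        out="${out}${chunk}"
    done
    printf "%.${want}s\n" "$out"
}

# new_checkout_dir BASE: create BASE/<32-char random name>, print its path.
# mkdir without -p fails if the name already exists, so an existing
# directory is never silently reused as the clone target.
new_checkout_dir() {
    local base="$1" dir
    dir="${base%/}/$(rand_name 32)" || return 1
    mkdir -m 700 -- "$dir" && printf '%s\n' "$dir"
}
```

In the question's script the name would be taken with `generate=$(rand_name 32)`; `git clone` accepts an existing empty directory as its target, so `new_checkout_dir /var/www/html` can be used instead when the directory should be created before cloning.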
