CSF unable to detect disable_functions correctly!

P

phpempire

Verified User
Joined
Jun 22, 2009
Messages
19
Hello Everyone,
Although the php.ini configuration is correct and the php high risk functions are disabled, the "php -i
grep disbale_functions "command output is empty.
php -i | grep disable_func
disable_functions => no value => no value

Therefore, the csf check for disabling_functions is also shown incorrectly.

PHP installed as FPM and phpinfo(); function on user show all disable functions correctly.
It looks like the csf checking method could have been better.

Thank you
 
This is exactly the problem we have with Direct Admin Servers in recent weeks, and although the functions are inactive, the php - i command does not detect and the firewall also displays an error.
 
What happen when you run
Code: 
cd /usr/local/directadmin/custombuild/
./build secure_php

then run
Code: 
grep disable_functions /usr/local/php*/lib/php.ini

CustomBuild secure_php | Directadmin Docs

DirectAdmin Knowledge Base
docs.directadmin.com

My PHP check comes back ok in csf on Debian 11. What OS and version are you using?
 
Last edited:
bdacus01 said:
What happen when you run
Code: 
cd /usr/local/directadmin/custombuild/
./build secure_php

then run
Code: 
grep disable_functions /usr/local/php*/lib/php.ini

CustomBuild secure_php | Directadmin Docs

DirectAdmin Knowledge Base
docs.directadmin.com

My PHP check comes back ok in csf on Debian 11. What OS and version are you using?
Click to expand...
I have exactly this problem and I have the server iwith centos 7 and I entered and executed build secure php it, but again the problem was not solved and the php - i output shows the disable function = no value
I tested this problem on two Direct Admin servers
 
Hmm weird,
grep disable_functions /usr/local/php*/lib/php.ini shows:
disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname

But CSF still dont see it, maybe an bug ?, using Almalinux 8.5, PHP 7.4 as main
 
Active8 said:
Hmm weird,
grep disable_functions /usr/local/php*/lib/php.ini shows:
disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname

But CSF still dont see it, maybe an bug ?
Click to expand...
This is exactly my problem
 
Hmm other server which has php 7.3 (also Almalinux 8.5) as main doesnt have this problem and CSF detect it
Maybe an bug with detection with PHP 7.4 ?
 
I have php 7.4 on debian 11. No issues with csf.

Maybe rebuild PHP or reinstall CSF and see?
 
Active8 said:
Hmm other server which has php 7.3 (also Almalinux 8.5) as main doesnt have this problem and CSF detect it
Maybe an bug with detection with PHP 7.4 ?
Click to expand...
I do not think it is related to the php version. I also tested on php in categories 5.6-8. There is the same problem again.
 
bdacus01 said:
I have php 7.4 on debian 11. No issues with csf.

Maybe rebuild PHP or reinstall CSF and see?
Click to expand...
The problem is not only csf, the output of the php-i command also displays the disable function no value
 
I have never had this problem before, but it exists in all Direct Admin servers I configured last week.
 
tarsiran said:
php-i command also displays the disable function no value
Click to expand...
Yes but in DA the documentation shows How to see if it disabled.
Code: 
grep disable_functions /usr/local/php*/lib/php.ini
not php -i

The command you sent The command you sent
Code: 
php -i | grep disable_func
Doesn't work on my server either.

My CSF check is just fine.
 
bdacus01 said:
Maybe rebuild PHP or reinstall CSF and see?
Click to expand...
nope didnt help, its not really an problem functions are disabled anyway: /usr/local/php74/lib/php.ini

; This directive allows you to disable certain functions.
; It receives a comma-delimited list of function names.
; http://php.net/disable-functions
disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
 
Last edited:
For what it's worth, I am on Rocky Linux 8.5, running both 7.4 and 8.0. This install was done back around June 2021. CSF reports php Check as Ok (Check php for disable_functions).

Code: 
# php -i | grep disable_func
disable_functions => exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname => exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname

# grep disable_functions /usr/local/php*/lib/php.ini
/usr/local/php74/lib/php.ini:disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
/usr/local/php80/lib/php.ini:disable_functions = exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
 
so what can we do to resolve csf error?
IMG_20220210_034322_585.jpg
 
smtalk said:
2832 - Clear disable_functions on command-line PHP calls
Click to expand...
So what does it do then ?,
Why are there mixed results? ,
As said, I have checked 2 Almalinux 8.5 servers , one of them has no problems but other has this "bug" using the same CB version !
 
You must log in or register to reply here.
Back
Top