After pounding for a few hours, I think I finally got the UID and GID tests for PHPSecInfo in an acceptable state. Two things have made this hard:
1. You can really only do this with an exec() call to the “id” UNIX command, or the posix_* functions, either of which are frequently disabled
2. There basically is not a foolproof way to programmatically tell if a function is available or not in PHP
2 is the real rub, and quite annoying.
is_callable() will return TRUE even if a function has been disabled in php.ini with disable_functions (which, in my mind, is contrary to what “is_callable” implies).
function_exists() will return FALSE if the function is disabled in php.ini, but will return TRUE if the function is being blocked by
For now, the tests try exec('id') first, seeing if it passes
safe_mode is disabled. If it fails those, the posix_* functions are checked against function_exists (they aren’t affected by safe_mode). If those fail as well, the test will be skipped.
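
The fallback order described above, sketched as an added example (this is not PHPSecInfo's own code, and the helper names fn_usable, parse_id_output and detect_uid_gid are hypothetical). The explicit parse of disable_functions is an extra check layered on function_exists(); on PHP versions that no longer have safe_mode, ini_get('safe_mode') returns false and is treated as off.

```php
<?php
// Added example, not PHPSecInfo's code. Helper names are hypothetical.

// True if $name is defined and not listed in php.ini's disable_functions.
// is_callable() is deliberately not used: per the post, it reports TRUE
// for functions that disable_functions has turned off.
function fn_usable(string $name): bool
{
    $raw = strtolower((string) ini_get('disable_functions'));
    $disabled = array_map('trim', explode(',', $raw));
    return function_exists($name) && !in_array(strtolower($name), $disabled, true);
}

// Parse `id` output such as "uid=33(www-data) gid=33(www-data) groups=...".
function parse_id_output(string $line): ?array
{
    if (preg_match('/\buid=(\d+).*?\bgid=(\d+)/', $line, $m)) {
        return ['uid' => (int) $m[1], 'gid' => (int) $m[2]];
    }
    return null;
}

// Try exec('id') first, then posix_*, otherwise report the test as skipped.
function detect_uid_gid(): array
{
    $safeMode = filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN);

    if (fn_usable('exec') && !$safeMode) {
        $out = [];
        $rc = 1;
        @exec('id', $out, $rc);
        $ids = ($rc === 0 && isset($out[0])) ? parse_id_output($out[0]) : null;
        if ($ids !== null) {
            return $ids + ['source' => 'exec'];
        }
    }
    // posix_* functions are not affected by safe_mode, only by availability.
    if (fn_usable('posix_getuid') && fn_usable('posix_getgid')) {
        return ['uid' => posix_getuid(), 'gid' => posix_getgid(), 'source' => 'posix'];
    }
    return ['uid' => null, 'gid' => null, 'source' => 'skipped'];
}

// Constructed sample line, followed by a live run on the current host.
var_dump(parse_id_output('uid=33(www-data) gid=33(www-data) groups=33(www-data)'));
print_r(detect_uid_gid());
```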