For those noobz who have 1 or higher add this in your php.ini:
Code:
disable_functions = show_source,symlink,system,shell_exec,passthru,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate
This is just an example; more can be added, depending on your hosting type and the PHP software that you use.
More:
Code:
disable_functions = apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,disk_free_space,diskfreespace,dl,highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo,proc_nice,shell_exec,show_source,symlink,system
dl — Loads a PHP extension at runtime
This function is required for loading ionCube on the fly. However, if you have popular sites using ionCube, the better way is to load it from php.ini anyway. Not only does this increase speed, it also puts you in control of the ionCube version, so you can make sure that it matches your PHP version.
exec — Execute an external program
This function is required for XCart and the spellcheck feature of Horde. There is no good thing I can say about letting this function work. You could perhaps use safe_mode to designate a safebin environment where you let users execute only the binaries you allow.
fsockopen — Open Internet or Unix domain socket connection
This function is unfortunately required for the VirtueMart PayPal module, so it was removed from the example above. You can add it if you are sure that it won't break anything in your system.
popen — Opens process file pointer
This function is required for XCart. It is similar to the exec function and can be limited by using safe_mode. Too bad that the PHP developers decided to drop safe_mode in PHP 6.
set_time_limit — Limits the maximum execution time
Disabling this function seems to affect gallery2. In either case, a script would time out when the Apache timeout is reached, which is 300 seconds by default. Thus it should be more or less safe to allow this one, unless the site in question is very busy and causing problems.
popen — Opens process file pointer
This function is used by MediaWiki when calling diff3 (used to merge 3 texts). It is also used by Horde when calling sendmail to send mail (this does not affect Horde if SMTP is used for sending mail).
proc_open — Execute a command and open file pointers for input/output
This function is used by MediaWiki in Parser.php in a function.
Here are more functions to disable:
http://www.phpbuilder.com/manual/features.safe-mode.functions.php
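
A check for the disable_functions lists above, as an added example that is not part of the original post: php.ini reads a directive's value from one line only, and a later disable_functions line replaces an earlier one instead of adding to it, so a wrapped or duplicated list can leave functions enabled without any error. The names audit, BASELINE and SAMPLE are hypothetical, and the php.ini fragment is constructed.

```python
import re

# Baseline: the function names from the first example list in this post.
BASELINE = ("show_source,symlink,system,shell_exec,passthru,exec,popen,"
            "proc_close,proc_get_status,proc_nice,proc_open,proc_terminate").split(",")

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*)$")
ORPHAN = re.compile(r"^\s*[a-z0-9_]+(\s*,\s*[a-z0-9_]+)+\s*,?\s*$")


def audit(ini_text, baseline=BASELINE):
    """Return (disabled, missing, orphans) for a php.ini given as text."""
    disabled, orphans = [], []
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop ';' comments
        m = DIRECTIVE.match(line)
        if m:
            # A later directive replaces an earlier one; it does not append.
            value = m.group(1).strip().strip('"')
            disabled = [f.strip().lower() for f in value.split(",") if f.strip()]
        elif ORPHAN.match(line):
            # Comma list with no "key =": a wrapped value that is not
            # part of disable_functions.
            orphans.append(line.strip())
    missing = [f for f in baseline if f not in disabled]
    return disabled, missing, orphans


# Constructed sample: the second list from this post, deliberately
# wrapped across four lines to show the failure mode.
SAMPLE = """\
[PHP]
; constructed php.ini fragment
disable_functions = apache_get_modules,apache_get_version,apache_getenv,apache_note,
apache_setenv,disk_free_space,diskfreespace,dl,
highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo,
proc_nice,shell_exec,show_source,symlink,system
"""

if __name__ == "__main__":
    disabled, missing, orphans = audit(SAMPLE)
    print("effective list:", disabled)
    print("baseline functions still enabled:", missing)
    print("lines not read as part of the directive:", orphans)
```

On the wrapped sample only the four apache_* names on the first line take effect, so every baseline function, including system and shell_exec, is reported as still enabled.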