Community
Participate
Working Groups
None of the following appear to work when served from http://build.eclipse.org/modeling/ system("/usr/bin/whoami"); passthru("/bin/ls"); exec("touch /tmp/foo"); Is this intentionally disabled? If so, this is a serious blocker since I need some way to allow webpages to be able to interact w/ the filesystem. Currently, I assemble a shell script with parameters set using a form (like which project to build, what JDK to use, what cvs branch, version, buildID), and then exec() that and let it run headlessly as the web user in a specific directory. If needs be I suppose I could instead create a temporary file somewhere and run a cron to check the contents of that file in order to start up builds. or, we could make people do their builds via commandline, logged in as their cvs users. Either way is not ideal.
Yes, this is intentional. Because the build server has CVS and downloads mounted locally, having those PHP functions enabled is a security risk. It's a tradeoff between performance and security. > If needs be I suppose I could instead create a temporary file somewhere and run > a cron to check the contents of that file in order to start up builds. Perhaps not ideal, but from my standpoint, it's more secure. Sorry. We do this for JAR signing, actually. Because the signer (committers) would need read access to our cert (which I don't want) I only allow signers to put files in a queue (a text file). A dedicated signing user, via cron, then sanitizes and processes the queue. Again, not ideal, but in the interest of security, I have no choice.
Fair enough, I'll work around this issue as suggested w/ cron and queue files. Closing as WONTFIX.
Per changes made for bug 178148 (crontab-based lockfile watcher script), this is definitely no longer an issue.