Fedora 15 PHP exec() does not work

Question

I cannot run an executable by PHP exec() function.

OS: Fedora 15

PHP safe_mode off

PHP code is:

$exe = "/tmp/defne/./CwCssUGxhjAc";
$result = system( $exe, $retval );

chmod 777 on /tmp/defne and /tmp/defne/CwCssUGxhjAc

I can run it on the command line by:

sudo -u apache /tmp/defne/CwCssUGxhjAc

PHP gives apache when I call whoami through a PHP script.

I can run other executables such as gcc, whoami, etc. through PHP. But I cannot run a C/C++ compiled binary.

In apache error log it says:

sh: /tmp/defne/./CwCssUGxhjAc permission denied

Selinux is enabled.

PS: I do not want to disable selinux. Thanks for your ingenious ideas if you would suggest disabling selinux. I can equally well disable the power plug of my computer.

Answer 1

SELinux is almost certainly preventing Apache from executing things in /tmp. You can verify this by checking /var/log/audit/audit.log.

The easy solution is to move the binary to a standard location for executables; /usr/local/bin is probably most appropriate.

Alternatively, you could apply the appropriate file context (bin_t) to the binary:

sudo semanage fcontext -a -t bin_t /tmp/defne/CwCssUGxhjAc
sudo restorecon -v /tmp/defne/CwCssUGxhjAc