Home » Blogs » greg's blog

PHP exec unlike other execs

In PHP the exec call is part of a family of calls that can run commands on the server. These include system, passthru and shell_exec. They all offer slightly different functionality and all require careful security audit to ensure that you do not allow unscrupulous users of your site access to the operating system.

They have a significant design flaw in that some return the last line of the output from command which you run or a boolean. Using the right command you can capture the output, though not error output, of the command and find out the return status of the command.

The "last line" functionality is fairly useless and the mixture of string and boolean return values is schizophrenic. However tha't not what I want to write about here. The problem is the use of the term "exec" which means something quite different to shell and C programmers.

A system call is a call from a running process/program to the kernel. It causes a slight delay while the process changes from running in "user" mode to running in "kernel" mode and gets rescheduled to run again. When the system call ends it returns the process to user mode along with the return status (an integer) of the system call.

In C, the exec family of system calls (they differ in the way they handle command parameters) overwrite the process space of the current process with a new program. Your old running program/process ends abruptly.

That would not be too useful if it wasn't combined with the fork system call. Fork causes the process to make an almost exact copy of itself and to start running. The only significant difference(s) between these two processes are their process ids and the return status from the fork system call. This is used to tell each process whether it is theparent or the child process.

Combining this (fork) with exec allows a process to run other commands. What it does is to fork a copy of itself then the cild process calls exec() to run the required command.

The parent process can use the wait() system call to wait until the child process has finished and get the return status of the command that the child ran.

This is all quite different from PHP's exec call, though no doubt it uses the fork() and exec() system calls. If you use PHP's exec call your process is not overwritten and that's why PHP exec is a misnoma.