

“ps aux” output on the webpage?


I am wondering: is this a safe way to put ps aux into an array and then display it on the web? Or what could be done to improve it?
Example:
<table width="900px" border="1">
    <tr>
        <td> PID </td>
        <td> CPU </td>
        <td> Mem </td>
        <td> Start </td>
        <td> Command</td>
    </tr>
<?php
exec("ps aux | grep -v grep | grep process.php", $psOutput);
if (count($psOutput) > 0) {
    foreach ($psOutput as $ps) {
        $ps = preg_split('/ +/', $ps);
        $pid = $ps[1];
        $cpu = $ps[2];
        $mem = $ps[3];
        $time = $ps[8];
        $command = $ps[10] . " " . $ps[11];
        echo "<tr>";
        echo "<td>" . $pid . "</td>";
        echo "<td>" . $cpu . "</td>";
        echo "<td>" . $mem . "</td>";
        echo "<td>" . $time . "</td>";
        echo "<td>" . $command . "</td>";
        echo "</tr>";
    }
}
?>
</table>
Nothing as far as I can tell. If this is the actual code and the command isn't created from user input, there is absolutely nothing wrong with this code, apart from the fact that <table width="900px"> is generally controlled by CSS, not HTML. But that's all the critique I can think of.
EDIT: Quentin makes a very valid point in that you should use htmlspecialchars before displaying in HTML.
Always use htmlspecialchars when displaying text in an HTML document. Someone might be using a < or & character as part of their command line.
ps aux will show any commands running on the system, including any where someone has included a password on the command line.
Not a security problem, but the deprecated HTML width attribute takes an integer that is optionally followed by a % character; it doesn't take a CSS length.
Also not a security problem, but you should use table heading elements for your table headings.
To improve it you could simplify your exec a bit.
ps can look for process names for you using the -C option.
And you could manually list the columns you want to read out using the -o option. That way you will always get predictable output even if the ps aux command changes or whatever.
    ps -C php -o args,%cpu | grep process.php
Look at "Standard Format Specifiers" in the ps man page to get all the columns you want.
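The answers' advice combined into one sketch (an added example, not code from the original posts): fixed `ps` columns, only the `process.php` rows kept, `<th>` headings, and every cell passed through `htmlspecialchars`. It assumes Linux procps `ps` and a script run by a binary named `php`; the function names and sample lines are constructed for illustration.

```php
<?php
// Constructed sample of the ps output (made-up values); the last line must never be shown.
$sample = [
    ' 4021  0.3  1.2 10:15 php process.php --queue=mail',
    ' 4077  0.0  0.9 10:16 php process.php <b>&note',
    ' 5120  1.1  2.0 Mar03 php other.php --password=example',
];

// Split each line into the five requested columns and keep only rows for $needle.
function parsePsLines(array $lines, string $needle): array
{
    $rows = [];
    foreach ($lines as $line) {
        // A limit of 5 keeps the whole command line, spaces included, in the last field.
        $f = preg_split('/\s+/', trim($line), 5);
        if (count($f) < 5 || !ctype_digit($f[0])) {
            continue; // not a well-formed row
        }
        if (strpos($f[4], $needle) === false) {
            continue; // unrelated process: do not expose its command line
        }
        $rows[] = array_combine(['pid', 'cpu', 'mem', 'start', 'command'], $f);
    }
    return $rows;
}

// Build the table with <th> headings and every cell HTML-escaped.
function renderRows(array $rows): string
{
    $html = "<table>\n<tr><th>PID</th><th>CPU</th><th>Mem</th><th>Start</th><th>Command</th></tr>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $cell) {
            // ENT_SUBSTITUTE keeps output non-empty if a command line holds invalid UTF-8.
            $html .= '<td>' . htmlspecialchars($cell, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Live use: a fixed command string with no user input. One -o per column avoids
// ambiguity in how "name=" headers are parsed; empty headers drop the header line.
// exec('ps -C php -o pid= -o pcpu= -o pmem= -o stime= -o args=', $lines);
echo renderRows(parsePsLines($sample, 'process.php'));
```

The filter only hides other processes' command lines; arguments passed to `process.php` itself are still displayed, so secrets should not be given to it on the command line.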
