suPHP and Lazarus console application running into weird shell malfunctions

Question

i do appologize for the title, but couldn't find any other explaination. My company is running a development server with the latest LTS Ubuntu+Apache2+suPHP. To handle it, i am writing a Zend2 and Lazarus application. The web part with Zend runs well. The problem is the console application written in Lazarus. It runs a couple of classes, to create databases and users, to download frameworks and so on. Also it should run a couple of shell commands for administration purpose (with root permissions). To aquire the rights, i am using a pretty ugly solution, using echo mymagicpassword | sudo -S mymagiccommand. Here's a snippet:

constructor TRootProcess.Create(AOwner: TComponent);
begin
    inherited Create(AOwner);
    Options:=[poUsePipes,poWaitOnExit];
    Executable:='/bin/sh';
    Parameters.Add('-c');
    Parameters.Add('echo %pwd% | sudo -S ');
end;

function TRootProcess.ExecuteCommand(command: String): String;
var
  str: TStringList;
begin
    str:=TStringList.Create;
    command:=Copy(Parameters.GetText, 0, Length(Parameters.GetText)-1)+command;
    command:=StringReplace(command,'%pwd%','mymagicpassword',[rfReplaceAll]);
    Parameters.SetText(PChar(command));
    Execute;
    str.Clear;
    str.LoadFromStream(Output);
    Result:=str.Text;
end;

If i run this application by hand, everything runs well. But if i run it from PHP Applicaiton using shell_exec , the whole application runs (even the very last log entries) beside, starting other shell applications (ls, cp mkdir, useradd, chmod and so on) I have actually no idea, what the problem is, anymore. I don't get any errors in stdout/stderr, suPHP log or even Apache2 log. Also running from PHP went well for about a week and apparently stopped working.

Thanks in advance

Answer 1

The problem is not really well described. At the very least, the line with Copy( is wrong, since strings start with index 1, not 0.

The loadfromstream is also not safe. Specially with larger outputs this might not complete. See "TProcess large I/O" in the Lazarus/FPC wiki.

Finally, you spawn new shells. After the command is done, the shell will be destroyed, and the next command will have yet another new shell. So doing "cd" is pretty pointless that way.