this post was submitted on 30 Oct 2023
989 points (96.1% liked)

Programmer Humor

32581 readers
1025 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (3 children)

not only that but you just install it with the lamp stack setting in ubuntu tasksel with apache and mariadb. the beating that these can take (except maybe the sql) and survive is great. you also have access to the whole of linux to do more advanced stuff, while other languages/ stacks shy away from exec

[–] [email protected] 7 points 1 year ago (1 children)

other languages/ stacks shy away from exec

I’m sorry, what?

[–] [email protected] 10 points 1 year ago (1 children)

Turns out arbitrary code execution is actually great(!)

[–] [email protected] 2 points 1 year ago (1 children)

it does not have to be arbitrary my dude

[–] [email protected] 2 points 1 year ago (1 children)

Problem is, you’re mixing a number of different concepts into a nonsensical claim.

Exec as an “execute a string as a language instructions” is nothing new nor unique to PHP. Ruby on Rails, for example, uses it in a controlled manner to generate methods on ActiveRecord models.

Exec as an “replace this process with another process” is old news again. It’s not even language specific.

Popen/spawn family (which seems to be what you alluded to) is, once again, nothing new and is used everywhere.

[–] [email protected] -1 points 1 year ago

i just meant that python's and node's implementation is shit

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

All of that can be the same as other stacks except the Apache bit. You can stand up a Go application on Ubuntu hitting MariaDB as its persistence layer. Or Python. Or Node. Or Java. Or even Ruby. Shit, Haskell can do it.

~~Also, exec is a code smell. Arbitrary code execution is a massive security risk, and the effort to mitigate that risk is often less than explicitly building out the required functionality.~~

I think you need to explore more technologies, my friend. And read up on some security things

Edit: I now realize you mean exec as in calling out to a shell. All languages have this. Still, the overhead of spawning and managing a new process is often more than just implementing the logic in your application itself.

[–] [email protected] 1 points 1 year ago

I personally prefer hestiaCP but yes