Can you turn a PHP script into an executable? (Linux)

[Hes]

Hi all,

I have "inherited" some PHP (command-line) scripts that are used on a Linux system for some small database calls (SOAP). I need to turn these scripts into standard linux executables. I have seen a number to projects (phc, HHVM, recki-ct), but none of those seem to be able to do the trick. phc was abandoned a while ago and isn't compileable anymore, HHVM does not create executables, and recki-ct only throws a ton of build errors on my system, so I can't even test it.

 

The scripts were written using PHP5.5 and are only a few hundred lines long. What can I do to turn them into an executable (ELF file format) for Linux (other than a complete rewrite in another language, which is way too time-consuming)?

 

Any help is appreciated.

 

Cheers, Frank.

 

 

[requinix]

Actual executables? Or simply things you can run as ./script.php?

 

For actual executables... don't. It's not worth it. PHP code was not meant to be compiled into executables. There are projects out there which say they can, but seriously reconsider whether you actually need to do that. Consider what would happen with extensions and INI settings and all that: either you would have to have PHP installed on the system anyways, or all that would need to be baked into the program, or the executable would have to be bundled with all that stuff.

 

If ./script.php is sufficient, stick a

#!/usr/bin/php

(substitute the appropriate path to PHP) at the top of the file, then chmod +x it.

[Hes]

Hi,

yes, I'd need actual executables (the "#!/usr/bin/php" you propose is the current state of affairs). The problem with that is the fact that the scripts can be read by anyone with access to the system, which include secret data. 

 

These scripts are called from within a C++ application, and there is no time to rewrite them in a completely different, compilable language. But I cannot leave passwords or encryption keys in the clear (or in easily reversible form) on the system, either. So my idea was to compile them. 

 

Is there any other way to hide this information (and/or the algorithms used to decrypt them), or to call the php scripts in such a way that this information can't be seen?

[requinix]

If someone has access to the system then you're done for. Basic tenet of computer security. Obfuscating, hashing, compiling code, none of that will protect you for long.

 

If this information is so secretive that you don't want these people with access to be able to see it then don't give them access. It's that simple.

[Hes]

I cannot keep people from just taking out the hard drive or whatever storage is being used when the device isn't standing behind bars at my place. By that same logic, no computer device may ever be put up in a public location. 

 

The information in question is about as sensitive as any login credential used for anything. I'm not a complete idiot and know very well that absolute security is impossible. But it should be harder to get to this information than just reading out a plain-text file, i.e. the php script. That's what I'm aiming for.

 

I could include the php script and its includes into a resource section of the main application executable (which is encrypted using a hardware dongle), but so far, I have found no way of executing the script from within that resource. I can access the file directly from within the executable, but I'd have to feed it (and its includes) to the php interpreter somehow.