disabled_functions=mail,putenv ;)

[defensahacker]

Good job and nice technique, but in a very restricted environment where mail() and putenv() are also in disabled_functions it may not work.

I am doing some further research if there is any function inside get_defined_functions() that also executes an execve() behind the scenes... or another method like transform chankro.so into ftp.so to trojanize ftp php functions if putenv(LD_PRELOAD) is available and is called before ftp_connect()...