Bug #85174

closed

open_basedir prevents executing of cli commands

Added by Kalle Karlson almost 6 years ago. Updated 10 months ago.

Status: Resolved
Priority: Must have
Assignee: -
Category: CLI
Target version: -
Start date: 2018-06-07
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 9
PHP Version: 7.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If I use the TYPO3\CMS\Core\Utility\CommandUtility::getCommand() method and /usr/lib/ or other lib dirs are not in the defined open_basedir path, TYPO3 would not execute a command even if it is possible.

The checkCommand() method called by the getCommand() method tries to validate the given path, "/usr/lib" for example. open_basedir prevents access to this directory for the is_dir() call in initPaths() on lines 325 and 338. So the paths are not valid to execute, and the foreach part in checkCommand() is skipped.

After the foreach, TYPO3 tries to get the cmd by executing the "which" command. This will return something like /usr/bin/jpegoptim. The next steps can't work because the is_executable check will also fail on the open_basedir restriction. Even if this check is removed, the following will not work because the $cmd var is overwritten.
$cmd = 'jpegoptim'; becomes $cmd = '/usr/bin/jpegoptim'; so the following code does not do what is expected:


    self::$applications[$cmd]['app'] = $cmd;
    self::$applications[$cmd]['path'] = dirname($cmd) . '/';
    self::$applications[$cmd]['valid'] = true;
    return true;

The array key is wrong, and the app cmd, which will be concatenated with the path in the getCommand() method, becomes /usr/bin//usr/bin/jpegoptim

So the correct code should be something like:

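    // Keep $cmd (the requested name) untouched; store the resolved path separately.
    $fullCmd = @self::exec('which ' . $cmd);
    if ($fullCmd) {
        // Key stays the requested name; app and path are split from the resolved path.
        self::$applications[$cmd]['app'] = basename($fullCmd);
        self::$applications[$cmd]['path'] = dirname($fullCmd) . '/';
        self::$applications[$cmd]['valid'] = true;
        return true;
    }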

With this code the correct cmd will be executed even if open_basedir prevents access to /usr/bin/. Adding /usr/bin to open_basedir would not be a secure solution.
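
The behaviour described in the report, reproduced as a stand-alone PHP script. This is an added example, not TYPO3's code or the reporter's: the function names are hypothetical, `sh` stands in for `jpegoptim`, and it assumes a POSIX host with `which` available and `exec()` enabled.

```php
<?php
// Added illustration, not TYPO3 code. Function names are hypothetical; 'sh' stands in
// for jpegoptim so the script runs on any POSIX host that provides `which`.

/** Resolve a command name with `which`. escapeshellarg() is an addition made here. */
function resolveWithWhich(string $cmd): string
{
    return trim((string)@exec('which ' . escapeshellarg($cmd)));
}

/** Reported behaviour: $cmd is overwritten, so key and 'app' both hold the full path. */
function registerAsReported(array &$apps, string $cmd): bool
{
    $cmd = resolveWithWhich($cmd);
    if ($cmd === '') {
        return false;
    }
    $apps[$cmd] = ['app' => $cmd, 'path' => dirname($cmd) . '/', 'valid' => true];
    return true;
}

/** Proposed behaviour: keep the requested name as key and split the resolved path. */
function registerAsProposed(array &$apps, string $cmd): bool
{
    $fullCmd = resolveWithWhich($cmd);
    if ($fullCmd === '') {
        return false;
    }
    $apps[$cmd] = ['app' => basename($fullCmd), 'path' => dirname($fullCmd) . '/', 'valid' => true];
    return true;
}

/** Look up by name and join path and app, as the report describes for getCommand(). */
function commandLine(array $apps, string $cmd): ?string
{
    return empty($apps[$cmd]['valid']) ? null : $apps[$cmd]['path'] . $apps[$cmd]['app'];
}

// Tighten open_basedir at runtime so the binary directories fall outside it.
ini_set('open_basedir', sys_get_temp_dir());
$full = resolveWithWhich('sh');
// exec() still resolves the path; the stat-based check is refused by open_basedir.
var_dump($full, @is_executable($full));

$reported = $proposed = [];
registerAsReported($reported, 'sh');
registerAsProposed($proposed, 'sh');
var_dump(commandLine($reported, 'sh'));   // reported variant, lookup by requested name
var_dump(commandLine($reported, $full));  // reported variant, lookup by the overwritten key
var_dump(commandLine($proposed, 'sh'));   // proposed variant, lookup by requested name
```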

Actions #1

Updated by Christian Eßl over 4 years ago

  • Category set to CLI
Actions #2

Updated by Gerrit Code Review 10 months ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79892

Actions #3

Updated by Gerrit Code Review 10 months ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79892

Actions #4

Updated by Gerrit Code Review 10 months ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79892

Actions #5

Updated by Gerrit Code Review 10 months ago

Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/79865

Actions #6

Updated by Susanne Moog 10 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100