It’s safe, as in, you won’t break Webmin or Virtualmin by disabling those, as they’re purely Perl-based.
What I can’t speak to is what PHP apps will break without those functions
Any number of PHP apps could use those, you just may need to search through the PHP code and verify those functions aren’t in any apps you want to run (including those installed by Virtualmin’s Install Scripts).
-Eric
"those functions" is sort of nonsensical. Either you are running your applications under suexec, or you are not. There is no choosing what functions run under suexec.
Do you have SuexecUserGroup in your httpd.conf? And is PHP configured to run as either CGI or FastCGI (with wrappers owned by the user)? If both of those is true, then you are. If either of those is not true, then you aren’t (and, as far as I’m concerned no amount of fiddling with PHP configuration is going to make it secure in an environment with non-trusted users).
I mean it’s nonsensical to say “if those functions run under suexec”. Either PHP is or is not running under suexec–nothing in php.ini has any impact on whether it is running under suexec, including the disabled functions directive.