从 php 执行命令的安全性
我正在编写一个 Web 应用程序,其中使用多个第三方命令,通过 PHP 中的 exec 函数调用它们(例如,我通过命令行程序呈现 Latex 公式)。
我的问题是:在php中执行外部命令行程序有哪些安全问题?我必须注意什么?您能给我一份要检查的要点清单吗?
编辑:我知道我必须清理用户输入以防止执行任意命令...还有其他需要检查的事情吗?
提前致谢。
I'm writing a web application in which i use several thirdy party commands calling them with the exec
function in PHP (for example, I render Latex formulas through a command-line program).
My question is: what are the security issues of executing external command-line programs in php? What I have to be aware of? Can you give me a list of points to check?
EDIT: I'm aware that I have to clean the user input to prevent executing arbitrary commands... Are there any other things to check?
Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
请小心转义您可能使用 escapeshellarg() 放入命令中的任何传入数据。
使用您选择的可执行文件的绝对路径可以最大限度地降低 PHP 脚本调用错误文件的风险。
除此之外,我看不出其他一些答案中有什么大惊小怪的 - 毕竟,您不是在谈论让用户执行任意命令。 (如果我错了,请纠正我。) 一般来说,从 PHP 执行外部命令在我看来是一种非常好的安全实践。
您需要记住,您调用的程序正在以 PHP 用户权限运行,并且可能不允许执行所有操作,但我假设您已经知道这一点。
Be careful to escape any incoming data that you may be putting into the command using escapeshellarg().
Using absolute paths to the executable of your choice minimizes the risk of the PHP script calling the wrong file.
Other than that, I fail to see what the fuss in some of the other answers is about - after all, you are not talking about letting users execute arbitrary commands. (Correct me if I'm wrong.) In general, executing external commands from PHP is a perfectly fine practice security-wise IMO.
You need to keep in mind that the programm you call is running with the PHP user's rights and may not be allowed to do everything, but I assume you already know that.
您必须注意以下事项:
针对漏洞的安全机制包括:
You have to watch out for these things:
Security mechanisms against exploits are:
如果允许其他人在基本路径中安装程序,您可能会发现自己没有执行您期望的操作。
请记住,您使用自己的权限执行这些程序,因此如果它们发生某种更改,您的帐户可能会受到损害。
If other people is allowed to install programs in the base path, you might find yourself not executing what you expect.
Keep in mind you execute these programs with your privileges, so if they get somehow changed, your account might be compromised.
不清理用户输入怎么样,这样他们就可以执行他们喜欢的任何命令......例如格式;-)
How about using not cleansing your user inputs so they can execute any command they like... such as format ;-)
最担心的是您将能够执行几乎任何系统命令。因此,您至少需要确保用户提供的并在 exec 命令中使用的任何输入都经过正确转义和验证。
这篇文章有一个很好的解释:
http://onlamp.com /pub/a/php/2003/08/28/php_foundations.html
The biggest concern is that you will be able to execute almost any system command. Therefore at a minimum you need to make sure any input supplied by a user and used in the exec command is properly escaped and validated.
this article has a good explanation:
http://onlamp.com/pub/a/php/2003/08/28/php_foundations.html
对于 exec 来说,验证输入的作用被严重低估了。滥用此类命令的可能性有很多,您无法想象(基本示例,您考虑过过滤管道和重定向吗?)。
我建议在一些安全沙箱中运行 exec 中的命令,这样您的操作系统就不可见。但是,请记住,这非常困难,因为 PHP 将在您的操作系统中运行。
Validating the input is extremely underestimated for exec. There are so many possibilities to abuse such commands that you cannot imagine (basic example, have you though about filtering pipes and redirects?).
I would suggest to run the commands in exec in some secure sandbox such that your OS is not visible. However, keep in mind that this is very hard since PHP will run in your OS.
我强烈建议逃跑。在命令行上转储不受信任的数据有一点风险。最好使用固定参数启动外部程序并向其传递数据。您可能还需要对 PHP 解释器拥有比您想要的更多的权限,或者设置程序 Whatsit-bit,这对我来说都没有特别的吸引力。
I would strongly suggest running away. Dumping untrusted data on the command line is a little bit risky. Much better to start the external program with fixed arguments and pass data to it. You may also need to have more permissions for the PHP interpreter than you would like or make the program whatsit-bit set, neither of which particularly appeals to me.