PHP Shell_exec仅适用于某些命令

Is there a way to disable shell_exec with exception of only certain commands that can be whitelisted?

有没有办法禁用shell_exec,只有某些可以列入白名单的命令除外?

I figured I could always go in and just put those commands into mod_sec, the major commands that I don't want run. But that kind of config is not enough. I want to disable shell_exec but allow shell_exec to run with certain commands only, two to be exact.

我想我总是可以进入并将这些命令放入mod_sec,这是我不想运行的主要命令。但这种配置还不够。我想禁用shell_exec但允许shell_exec只运行某些命令,确切地说是两个命令。

I am running CentOS, Cpanel and PHP 5.2.17.

我正在运行CentOS,Cpanel和PHP 5.2.17。

1 个解决方案

#1

This is not a dissable/whitelist per se, but if done correctly it gives users supervised and strictly controlled access to only those shell commands that you specify in your code.

这本身并不是一个不可行/白名单,但如果正确完成,它会为用户提供受监督和严格控制的访问权限,只访问您在代码中指定的那些shell命令。

    $Ops = array(
            'function1'  => function($parameter){ 
                    DO PARAMETER CHECK HERE; 
                    shell_exec("CommandThatIsSafetoPerform" + parameter here);
                },
            'function2'  => function($parameter){ 
                    DO PARAMETER CHECK HERE; 
                    shell_exec("CommandThatIsSafetoPerform" + parameter here);
                },
            'function3'  => function($parameter){ 
                    DO PARAMETER CHECK HERE; 
                    shell_exec("CommandThatIsSafetoPerform" + parameter here);
                },

    );

then call use something like this:

然后调用使用这样的东西:

call_user_func(Ops["function1"], "your parameter here");

A few special notes: Giving users access to the parameters is asking for trouble. You are better off hard coding EVERYTHING and not giving users the ability to modifiy any of the parameters.

一些特别说明:让用户访问参数是一件麻烦事。你最好硬编码一切,而不是让用户能够修改任何参数。

#1