dongzhengzhong1282 2013-10-23 20:02
浏览 66
已采纳

限制在PHP中访问父目录

I have seen from other questions that I can set open_basedir to restrict access to parent folders. However, I decided to do a bit of experimenting to find out what I could do.

First test was to see if I could manually set open_basedir using the ini_set function. Thankfully, it appears that this function can set a more restrictive basedir, but it cannot be used to lessen the restriction. That's all good.

However my next test was somewhat disturbing:

ini_set("open_basedir","/path/to/desired/root/limited");
echo file_get_contents("/some/outsite/file.txt"); // error: basedir restriction
echo `cat /some/outside/file.txt`; // outputs the file

I can't seem to find any way to restrict shell access to stuff.

So I guess my real question is, what can I do to ensure that parent folders are safe? Clearly, open_basedir doesn't cut it.

  • 写回答

2条回答 默认 最新

  • dongmo2324 2013-10-23 20:33
    关注

    open_basedir generally doesn't restrict backdoor access like that. There was a "safe_mode" in PHP which prevented such calls like system() and exec(). Full list here: http://www.php.net/manual/en/features.safe-mode.functions.php

    But that's been deprecated as of PHP 5.3 because there are many ways around it.

    You could use suPHP and chroot, as suggested by another StackOverflow answer: PHP safemode alternative

    "A better approach is use suphp to run your application as a jailed user. This uses the security of the operating system to protect your application. You run your php code as an account that doesn't have access to a shell. You remove write privileges from everything owned by that user chmod 500 -R /. Or go a step further and run your application within a chroot."

    Useful links:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • 如何在php循环目录 php
    2013-08-05 15:24
    回答 4 已采纳 Try to create a recursive function like this function getSomeFile($path) { if(file_exists($pa
  • 如何在php访问变量 php
    2014-09-25 11:03
    回答 2 已采纳 You can access the method of the class you're extending from by just calling it on the $this objec
  • PHP访问方法 php
    2010-11-24 21:01
    回答 3 已采纳 if you are using proper inheritance, you just need the parent keyword. class foo { protected
  • PHP绕过open_basedir限制操作文件的方法
    2020-10-18 11:03
    PHP,`open_basedir` 是一个重要的安全配置,用于限制脚本可访问的文件系统路径,防止非法访问敏感目录。当开启此配置时,任何试图访问超出设定路径之外的文件操作都将失败。然而,这并不意味着绝对安全,因为...
  • 允许在php包含文件夹的文件 php
    2015-01-13 05:55
    回答 5 已采纳 Try with - include 'includes/header.php'; includes and index.php are in same folder. The path
  • 在多维php数组查找 php
    2014-01-09 20:03
    回答 1 已采纳 Instead of echo key($array); you want echo $element; since $element is the variable assigned
  • 在word press包含sibling文件夹PHP文件 php
    2018-10-03 07:33
    回答 2 已采纳 Finally, I found the solution. just put the dirname(__FILE__) function before the directory that I
  • PHP设置、使用、删除Cookie的解决方法
    2020-10-27 10:18
    本文将详细讲解如何在PHP设置、使用和删除Cookie,以及需要注意的相关限制。 1. 设置Cookie PHP提供了`setcookie()`函数来创建Cookie。这个函数必须在任何HTML内容输出之前调用,因为Cookie是HTTP头部的一部分。...
  • php+layui如何在layer iframe携带页面id查询数据清单并显示? layui php
    2022-03-19 09:16
    回答 1 已采纳 content: url+'?data='+data.id
  • 如何在包含文件使用文件声明的php变量 php
    2018-02-19 00:52
    回答 2 已采纳 Thanks everyone! Your comments and answers helped me find the solution I needed. $root = dirnam
  • php访问子类的对象(无继承) php
    2017-03-21 11:20
    回答 2 已采纳 Your object can't access caller class methods, because he do not know anything about it's caller.
  • phpmkdir()函数的权限问题分析
    2020-12-18 17:29
    因此,当需要在PHP创建一个具有特定权限的目录时,一个可行的解决方案是先使用`mkdir()`创建目录,然后使用`chmod()`设置所需的精确权限,例如: ```php mkdir('./xw/'); chmod('./xw/', 0777); ``` 这样可以...
  • php跨域cookie共享使用方法
    2020-12-18 18:43
    在Web开发,由于浏览器的同源策略限制,不同域名之间的资源访问通常受到限制,包括Cookie。然而,有时候为了实现特定的功能,如用户身份验证或数据共享,我们需要跨域共享Cookie。本文将详细讲解如何使用PHP来实现...
  • PHP has encountered a Stack overflow问题解决方法
    2020-10-25 07:19
    在Windows服务器环境下,如果应用程序的目录或者目录权限设置不正确,比如缺少“匿名来宾权限”,即使PHP配置正常,也可能出现堆栈溢出的错误提示。文件权限的问题可能是导致discuz论坛以及其他PHP系统出错的主要...
  • 使用PHP如何实现高效安全的ftp服务器(二)
    2020-10-23 01:24
    目录权限,I(继承)权限使得所有子目录自动继承其目录的权限设置。大多数情况下使用继承权限即可,但当需要对子文件夹的访问进行限制时,如实施强制访问控制(Mandatory Access Control),则需要取消继承,...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 乌班图ip地址配置及远程SSH
  • ¥15 怎么让点阵屏显示静态爱心,用keiluVision5写出让点阵屏显示静态爱心的代码,越快越好
  • ¥15 PSPICE制作一个加法器
  • ¥15 javaweb项目无法正常跳转
  • ¥15 VMBox虚拟机无法访问
  • ¥15 skd显示找不到头文件
  • ¥15 机器视觉中图片中长度与真实长度的关系
  • ¥15 fastreport table 怎么只让每页的最下面和最顶部有横线
  • ¥15 java 的protected权限 ,问题在注释里
  • ¥15 这个是哪里有问题啊?