Installing Suhosin to block PHP eval()

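eval() is a language construct, not a function, so it cannot be blocked with the disable_functions directive.
Installing a PHP extension makes it possible to block it.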

PHP 5.4 or later is required. If your version is older, upgrade PHP first.
CentOS 6:
https://www.tecmint.com/install-php-5-4-php-5-5-or-php-5-6-on-centos-6/
CentOS 7:
https://www.tecmint.com/install-php-5-6-on-centos-7/

wget https://download.suhosin.org/suhosin-0.9.38.tar.gz --no-check-certificate

tar -xzvf suhosin-0.9.38.tar.gz
cd suhosin-0.9.38
yum install php-devel -y
phpize

./configure
make
make install


vi /etc/php.ini

Add the following lines:

extension= /usr/lib64/php/modules/suhosin.so
suhosin.executor.disable_eval = On

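More usage, for example restricting which functions may be called from within eval() (the blacklist is evaluated when the whitelist is empty):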
https://suhosin.org/stories/howtos.html

suhosin.executor.eval.whitelist =
suhosin.executor.eval.blacklist = include, include_once, require, require_once, curl_init, fpassthru, file, base64_encode, base64_decode, mail, exec, system, proc_open, leak, syslog, pfsockopen, shell_exec, ini_restore, symlink, stream_socket_server, proc_nice, popen, proc_get_status, dl, pcntl_exec, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, socket_accept, socket_bind, socket_connect, socket_create, socket_create_listen, socket_create_pair, link, register_shutdown_function, register_tick_function

Test whether the block works:

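<?php
$string = 'cup'; $name = 'coffee';
$str = 'This is a $string with my $name in it.';
echo $str . "\n";
// With suhosin.executor.disable_eval = On, this eval() call should be blocked.
eval("\$str = \"$str\";");
echo $str . "\n";
// phpinfo() lists the loaded extensions, including Suhosin when it is active.
phpinfo();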
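
Added example (not part of the original post): a shell check that a php.ini really contains the two lines inserted above and that they are not commented out or overridden further down in the same file. The function names and the sample file are constructed for illustration; the check assumes that the last assignment of a directive in the file is the one PHP applies.

```shell
# Print the last uncommented value of directive $2 in ini file $1 (last assignment wins).
ini_last_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # comment line
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)              # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)      # whitespace and quotes
            if (k == key) last = v
        }
        END { print last }' "$1"
}

# Succeed if an uncommented extension= line loads suhosin.so.
suhosin_loaded() {
    awk '
        /^[ \t]*;/ { next }
        /^[ \t]*extension[ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v); sub(/[ \t]*;.*$/, "", v)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (v ~ /(^|\/)suhosin\.so$/) found = 1
        }
        END { exit !found }' "$1"
}

# Succeed if suhosin.executor.disable_eval is effectively on.
eval_disabled() {
    case "$(ini_last_value "$1" suhosin.executor.disable_eval | tr 'A-Z' 'a-z')" in
        on|1|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

audit_php_ini() {
    suhosin_loaded "$1" || { echo "FAIL: $1 does not load suhosin.so"; return 1; }
    eval_disabled "$1" || { echo "FAIL: $1 leaves eval() enabled"; return 2; }
    echo "OK: $1 loads Suhosin and disables eval()"
}

# Constructed sample: the directive is set, then overridden further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
extension = /usr/lib64/php/modules/suhosin.so
suhosin.executor.disable_eval = On
suhosin.executor.disable_eval = Off ; later line wins
EOF
audit_php_ini "$sample" || true
```

Run audit_php_ini against /etc/php.ini after editing it; a non-zero exit status means one of the two lines is missing, commented out, or overridden.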
