If you can't disable eval() (a language construct, not a function, so php.ini's disable_functions does not cover it), or at least blacklist most of the attacker's toolbox inside eval(), then your server is a pile of bandwidth that is irresistible to attackers looking for somewhere to run their payloads. Ideally you would blacklist everything on the list below, but that is not always possible, because third-party module authors, and sometimes even the framework core, call some of these functions inside an eval() context:
suhosin.executor.eval.blacklist=include,include_once,require,require_once,curl_init,fpassthru,file,base64_encode,base64_decode,mail,exec,system,proc_open,leak,pfsockopen,shell_exec,ini_restore,symlink,stream_socket_server,proc_nice,popen,proc_get_status,proc_close,proc_terminate,dl,pcntl_exec,pcntl_fork,pcntl_signal,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,socket_accept,socket_bind,socket_connect,socket_create,socket_create_listen,socket_create_pair,link,register_shutdown_function,register_tick_function,create_function,passthru,stream_select
Note that allow_url_fopen and allow_url_include are php.ini directives, not functions: they do nothing in a function blacklist and belong in php.ini (set both to Off). The list must be one comma-separated line with no spaces or duplicates.
If you can't filter these functions, a major component of your security is missing.
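The layered version of the above, as an added example (not configuration from the original page): remove the shell-spawning functions from the engine entirely with PHP's own disable_functions, then either switch eval() off or, where third-party code needs it, keep the suhosin eval blacklist, and enable suhosin's simulation mode on the first run so that violations are logged rather than blocked. That log is the check for which modules actually depend on blacklisted calls inside eval() before anything breaks. The blacklist here is a cut-down selection from the full list above; extend it once the simulation log is clean.

```ini
; php.ini (disable_functions is PHP_INI_SYSTEM: it can only be set here, never at runtime).
; These are gone from the engine whether or not the attacker reaches them through eval().
disable_functions = exec,system,passthru,shell_exec,proc_open,popen,pcntl_exec,dl

; suhosin: option A, no eval() at all ...
;suhosin.executor.disable_eval = On

; ... or option B, eval() stays but the dangerous calls inside it are blocked.
; Subset of the full list above; one line, comma-separated, no spaces.
suhosin.executor.eval.blacklist = include,include_once,require,require_once,base64_decode,exec,system,shell_exec,passthru,popen,proc_open,create_function,mail,pfsockopen,curl_init,dl

; First deployment only: log violations instead of blocking them, then read the log,
; fix or whitelist the modules that trip it, and turn simulation back off.
suhosin.simulation = On
```

Leave suhosin.simulation on only as long as it takes to read the log; with it on, the blacklist blocks nothing.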
Here are some examples of Remote Administration Tools (RATs, also called web shells) that will infect your site through any vulnerable third-party module or compromised site user account.
RATs come in many forms. Some are easy to grep for:
Others are more professional and obfuscated. They cannot really be grepped for, and will not be found unless suhosin tips you off that they executed (a blocked call inside eval() shows up in its log):
(Note that in this case the CACHE directory cannot be in source control, so changes to it cannot be tracked that way either.)
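A triage scanner covering both kinds of shell described above, as an added example (not code from the original page): the "easy to grep for" shells are matched by signatures (a code-execution sink wrapped around a decoder, a sink fed straight from request input, or the preg_replace /e trick), while the obfuscated ones are scored with heuristics that plain grep does not give you (eval() of a variable, hex-escaped strings, chr() chains, and long high-entropy base64 blobs). It walks the whole web root, including a cache directory that is outside source control, since that is where the obfuscated loader sits. The three sample files, the file names and the thresholds are all constructed for the example; the "packed payload" is random-looking bytes standing in for a real one, not executable code.

```python
"""Triage scanner for PHP web shells: grep-able signatures plus obfuscation heuristics."""
import base64
import hashlib
import math
import os
import re
import tempfile
from collections import Counter

# Signatures for the easy-to-grep shells. Any hit is a verdict on its own.
SIGNATURES = {
    "eval_of_decoder": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)\s*\(", re.I),
    "sink_on_request": re.compile(
        r"\b(?:eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "preg_replace_e": re.compile(r"preg_replace\s*\(\s*(['\"]).*?/[a-zA-Z]*e[a-zA-Z]*\1\s*,"),
}

# Heuristics for the obfuscated shells. Each is weak alone, so they are scored (thresholds are assumptions).
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")   # long base64-looking literal
EVAL_VAR_RE = re.compile(r"\b(?:eval|assert)\s*\(\s*\$", re.I)  # eval() of something computed at runtime
HEX_ESC_RE = re.compile(r"\\x[0-9a-fA-F]{2}")        # "\x62\x61..." hides function names from grep
CHR_RE = re.compile(r"\bchr\s*\(", re.I)             # chr(98).chr(97)... does the same
ENTROPY_THRESHOLD = 4.5  # bits per character; PHP source and English sit well below this


def shannon_entropy(s):
    """Bits per character; packed or encrypted data scores near 6 when base64-encoded."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_source(src):
    """Return signature hits, heuristic hits, a score and a verdict for one file's text."""
    sigs = [name for name, rx in SIGNATURES.items() if rx.search(src)]
    heur = []
    if EVAL_VAR_RE.search(src):
        heur.append("eval_of_variable")
    if len(HEX_ESC_RE.findall(src)) >= 8:
        heur.append("hex_escaped_strings")
    if len(CHR_RE.findall(src)) >= 10:
        heur.append("chr_chain")
    if any(shannon_entropy(m.group(0)) > ENTROPY_THRESHOLD for m in BLOB_RE.finditer(src)):
        heur.append("high_entropy_blob")
    score = 10 * len(sigs) + 3 * len(heur)
    verdict = "shell" if sigs else ("suspicious" if score >= 6 else "clean")
    return {"signatures": sigs, "heuristics": heur, "score": score, "verdict": verdict}


# Constructed samples (not real malware). The "packed payload" is deterministic
# random-looking bytes, base64-encoded, standing in for a real packed shell body.
_PACKED = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(10))).decode()
SAMPLES = {
    "uploads/easy-shell.php": "<?php eval(base64_decode($_POST['c'])); ?>\n",
    # hex escapes spell base64_decode; the loader lives in the (untracked) cache directory
    "cache/tpl_3f2a.php": ('<?php $f = "\\x62\\x61\\x73\\x65\\x36\\x34\\x5f\\x64\\x65\\x63\\x6f\\x64\\x65"; '
                           '$p = "' + _PACKED + '"; eval($f($p)); ?>\n'),
    "index.php": "<?php function greet($n) { return 'Hello, ' . htmlspecialchars($n); }\n"
                 "echo greet($_GET['n'] ?? 'world');\n",
}


def build_sample_tree():
    """Write the constructed samples into a temporary web root and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel, src in SAMPLES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(src)
    return root


def looks_like_php(path):
    """Shells are also dropped under other extensions, so sniff the head for a PHP open tag."""
    if path.lower().endswith((".php", ".phtml", ".php5", ".inc")):
        return True
    with open(path, "rb") as fh:
        head = fh.read(4096)
    return b"<?php" in head or b"<?=" in head


def scan_tree(root):
    """Scan every PHP-looking file under root (cache directories included); keyed by relative path."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if looks_like_php(path):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    results[os.path.relpath(path, root)] = scan_source(fh.read())
    return results


if __name__ == "__main__":
    for rel, res in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{res['verdict']:<10} {res['score']:>3}  {rel}  {res['signatures'] + res['heuristics']}")
```

Signature hits are worth acting on directly; the heuristics only rank files for a human to read, because a legitimate file with an embedded base64 image or a template engine that builds code at runtime will trip them too. Run it against the live web root (and its cache directory), not a checkout, or the obfuscated ones are never seen.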