安全地使用PHP exec函数 [英] Securely using the PHP exec function

问题描述

我正在编写一个旨在通过exec()函数运行可执行文件(ffmpeg.exe)的PHP脚本.问题是我已经阅读到使用exec()函数可能会带来安全风险，因此应尽可能避免使用.我一直在研究如何安全地运行exec()函数，而我遇到的唯一一件事就是使用escapeshellcmd或escapeshellarg过滤命令字符串.我想知道的是，在使用exec()函数时是否可以进一步提高安全性，或者是否有替代exec()的安全替代方法.任何帮助将不胜感激.

I am writing a PHP script designed to run an executable file (ffmpeg.exe) via the exec() function. The problem is that I have read that using the exec() function can be a security risk and should be avoided if possible. I have been doing some research into how to run the exec() function securely, and the only thing that I keep coming across is to filter the command string with escapeshellcmd or escapeshellarg. What I want to know is if it is possible to further increase security when using the exec() function or if there is a secure alternative to exec(). Any help would be appreciated.

这是我的代码；

define('FFMPEG_LIBRARY', 'c:\\ffmpeg7\\ffmpeg\\bin\\ffmpeg ');
$transcode_string = FFMPEG_LIBRARY." -i " . $srcFile . " -acodec libmp3lame -ab 64k -ar 22050 -ac 1 -vcodec libx264 -b:v 250k -r 30 -f flv -y " . $destFile;
$transcode_string = escapeshellcmd($transcode_string);
exec($transcode_string);

$ srcFile基本上是用于转码的视频，而$ destFile是我要创建的输出文件.

$srcFile is basically the video for transcoding while $destFile is the output file I wish to create.

推荐答案

使用exec()函数可能会带来安全风险，应尽可能避免.

using the exec() function can be a security risk and should be avoided if possible.

有点笼统-完全可以使用exec()构建安全的解决方案.但这确实很困难:执行外部程序存在很多陷阱，尤其是当您将外部参数传递给它们时.

That's a bit of a generalization - it is perfectly possible to build a secure solution using exec(). But it's indeed hard: there are many pitfalls in executing external programs, especially if you are passing outside parameters to them.

正如您所说，第一步是使用escapeshellarg()转义所有内容，以防止注入其他可能有害的命令.

The first step, as you say, is to escape everything using escapeshellarg() to prevent the injection of other, possibly harmful commands.

然后是一个问题，就是输入错误的值会在正在调用的程序中造成什么损害.例如

Then the question is what damage entering wrong values could cause in the program that is being called. For example,

• 在200000 x 200000像素的大视频上运行ffmpeg操作可能会导致服务器挂断，因为该调用尝试分配不可能的内存量.因此，您必须清理用户可以输入的大小值，如果大小太大或者不是数字，则退出.

• running a ffmpeg operation on a 200000 x 200000 pixels large video may well cause a server hangup because the call tries to allocate an impossible amount of memory. So you have to sanitize the size values the user can enter, and exit if they are too large, or not numbers.

恶意用户可能告诉ffmpeg使用配置文件并尝试从中创建视频，这可能导致该配置文件被用作输出，因此您需要限制用户可以使用的文件路径范围指定.

a malicious user could tell ffmpeg to use a configuration file and try to create a video from that, possibly resulting in the configuration file to be used as output, so you need to limit the range of file paths users can specify.

依此类推.

此外，您需要考虑仅通过几个请求就杀死服务器的可能性.如果我每秒向PHP脚本发送50个请求，该脚本又调用一个复杂的ffmpeg命令，该怎么办?服务器可能会很容易承受负担，您可能需要对此加以保护.

Also, you need to think about the possibility of killing the server through the mere number of requests. What if I send 50 requests a second to a PHP script that in turn calls a complex ffmpeg command? The server may easily break under the burden, and you may want to protect against that.

因此:使用exec()并没有固有的安全性问题，但是传递给它的每个传入参数都需要非常仔细地研究.

So: there is no inherent security problem in using exec(), but every incoming parameter that gets passed to it needs to be looked at very carefully.

这篇关于安全地使用PHP exec函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！