Nginx下解决WebShell访问限制问题
王科 2010-06-15
直入主题公布修改方法
wget http://www.php.net/get/php-5.2.10.tar.gz/from/this/mirror
wget http://php-fpm.org/downloads/php-5.2.10-fpm-0.5.13.diff.gz
tar zxvf php-5.2.10.tar.gz
gzip -cd php-5.2.10-fpm-0.5.13.diff.gz | patch -d php-5.2.10 -p1 //如果你用补丁的话先打补丁再改比较妥当,我没检查过补丁有没动这个文件
cd php-5.2.10/
./configure –prefix=/usr/local/php –with-config-file-path=/usr/local/php/etc –with-mysql=/usr/local/mysql –with-mysqli=/usr/local/mysql/bin/mysql_config –with-iconv-dir –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-discard-path –enable-magic-quotes –enable-safe-mode –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –with-curlwrappers –enable-mbregex –enable-fastcgi –enable-fpm –enable-force-cgi-redirect –enable-mbstring –with-mcrypt –enable-ftp –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –without-pear –with-gettext –with-mime-magic –enable-suhosin
vi main/fopen_wrappers.c
找到
/* {{{ php_check_open_basedir
*/
PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
{
/* Only check when open_basedir is available */
if (PG(open_basedir) && *PG(open_basedir)) {
char *pathbuf;
char *ptr;
char *end;
// add by anxsoft.com
char *env_doc_root;
if(PG(doc_root)){
env_doc_root = estrdup(PG(doc_root));
}else{
env_doc_root = sapi_getenv("DOCUMENT_ROOT", sizeof("DOCUMENT_ROOT")-1 TSRMLS_CC);
}
if(env_doc_root){
int res_root = php_check_specific_open_basedir(env_doc_root, path TSRMLS_CC);
efree(env_doc_root);
if (res_root == 0) {
return 0;
}
if (res_root == -2) {
errno = EPERM;
return -1;
}
}
// add by anxsoft.com
pathbuf = estrdup(PG(open_basedir));
ptr = pathbuf;
while (ptr && *ptr) {
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
if (end != NULL) {
*end = '\0';
end++;
}
if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
efree(pathbuf);
return 0;
}
ptr = end;
}
if (warn) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
}
efree(pathbuf);
errno = EPERM; /* we deny permission to open it */
return -1;
}
/* Nothing to check... */
return 0;
}
/* }}} */
两个 add by anxsoft.com 中间的是修改加上去的
然后保存,退出。
make ZEND_EXTRA_LIBS=’-liconv’
make install
php.in的open_basedir配置
open_basedir = “/tmp/:/var/tmp/”
