English
English
When developing and deploying PHP applications, you often need to use the php_uname() function to obtain the system's operating system information. This function returns the operating system name, version number, host name and other information of the current server. However, this information may be exposed to malicious users, which in turn threatens the security of the system. Therefore, in a production environment, we need to take measures to hide or filter the output information of the php_uname() function.
php_uname() is a built-in PHP function that returns relevant information about the current operating system. Its output content includes the name, version, host name, etc. of the operating system, and the usual format is as follows:
echo php_uname();
Output example:
Linux server1 4.15.0-123-generic #126-Ubuntu SMP Thu Nov 7 18:59:47 UTC 2019 x86_64
This information may be useful to developers, but if exposed to distrustful users, attackers can use this information to infer the system's configuration and potential vulnerabilities.
The output information of php_uname() may leak the following sensitive content:
Operating system type and version : Attackers can use this information to determine which vulnerabilities may affect the system.
Host Name : If the host name is exposed, an attacker may be able to infer the physical location of the server or the network topology.
Kernel Version : Some kernel versions may already have known security vulnerabilities, and an attacker may use this information to launch an attack.
Therefore, in production environment, in order to improve security, we need to hide or filter the output of the php_uname() function.
The most direct way is to disable the function through PHP's disable_functions configuration. This method completely prevents php_uname() from being called.
Open the php.ini configuration file.
Add php_uname to the disabled_functions configuration item:
disable_functions = php_uname
Restart PHP or web server to make the configuration take effect.
With this approach, any code that attempts to use the php_uname() function will be blocked from execution.
If php_uname() cannot be disabled completely, we can also filter or modify its output by writing custom code. For example, simpler or safer information can be displayed by rewriting the output of the function.
if ($_SERVER['SERVER_NAME'] === 'production_server') {
echo "Server Information Hidden for Security";
} else {
echo php_uname();
}
In this code, the output of php_uname() will be displayed only in a specific server environment. Otherwise, a hidden prompt message will be displayed.
For Apache servers, some sensitive information can be blocked from being displayed through the .htaccess file.
For example, access control is performed through mod_rewrite to ensure that certain sensitive information is not exposed:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/php_uname$
RewriteRule .* - [F]
</IfModule>
This configuration rejects direct requests to php_uname() .
By configuring the open_basedir limit, you can control that PHP scripts can only access specific directories, preventing reading of system information that should not be exposed.
Open the php.ini configuration file.
Configure open_basedir :
open_basedir = /path/to/your/application:/path/to/other/allowed/directories
This configuration will limit PHP scripts to access only specified directories, thus avoiding the leakage of system-sensitive information.
To improve the security of PHP applications in production environments and prevent the php_uname() function from leaking system sensitive information, you can choose to disable the function, modify the output content, or use configuration files and access control methods to restrict it. The best way to do this is to combine multiple methods to ensure that sensitive information is not exposed to untrusted users.
