个人觉得在Linux环境中以下函数最好还是disable掉比较安全一些吧,我从国外的一些空间上也看到很多都禁用了这些函数,禁用方法就是在php.ini里的
disable_functions=后面写上函数名就可以了,中间以,号隔开
chmod,exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,
ini_alter,dl,popen,curl_exec,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,
socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,
socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,
socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,
socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_socket_client,stream_socket_server,
pfsockopen,disk_total_space,disk_free_space,chown,diskfreespace,getrusage,get_current_user,getmyuid,
getmypid,dl,leak,listen,chgrp,link,symlink,dlopen,proc_nice,proc_get_stats,proc_terminate,shell_exec,
sh2_exec,posix_getpwuid,posix_getgrgid,posix_kill,ini_restore,mkfifo,dbmopen,dbase_open,filepro,
filepro_rowcount,posix_mkfifo,putenv,sleep