| 防御层 | 机制 | EVE-NG 6.2.0-4 | PNETLab 5.3.11 | 差距说明 | | :--- | :--- | :--- | :--- | :--- | | | Shell元字符清洗 | escapeshellcmd() – PHP标准库函数，过滤所有shell元字符 | secureCmd() – 自定义函数，仅过滤部分字符 | PNETLab 不过滤 $() ，是 CVE-2025-63749 的直接成因。 | | L2 | 圆括号转义 | preg_replace 将 ( ) 转义，使命令替换失效 | 无 | PNETLab 完全缺失此层防护。 | | L3 | 引号转义 | addslashes() – 防止参数截断破坏命令行结构 | 无等价措施 | PNETLab 完全缺失此层。 | | L4 | chroot隔离 | chroot(".") – 限制 QEMU 进程在运行目录内 | 无 chroot | PNETLab 的 QEMU 进程可直接访问宿主机文件系统。 | | L5 | 进程组权限限制 | setgid(32768) – 设置到 unl 组 | 以 root 运行，无限制 | 两者均以 root 身份运行 QEMU 节点，是共同短板。 | | L6 | 只读挂载保护 | mount -B -o ro + chattr +i – 镜像目录只读 | 无 | PNETLab 被入侵后镜像文件可被篡改。 |

Includes an autofit feature for textbox sizes, refined shapes, and a new bottom-mounted zoom bar. Improved Visibility:

PNETLab is available as an offline version with full features, which is free to use. How to Install or Upgrade to 5.3.11

The Dynamic Topology Auto‑Scaling feature in Pnetlab 5.3.11 brings cloud‑native elasticity to network‑lab environments, delivering cost savings, smoother learning experiences, and a more realistic simulation of modern, large‑scale networks. If you haven’t tried it yet, set up a quick test lab today and see how much smoother your scaling scenarios become!

: Heavy reliance on QEMU/KVM for hardware acceleration of virtual appliances. Impact and Remediation

: This version is frequently cited as the "stable" target for users upgrading from older 4.x or early 5.x builds, specifically addressing various small bugs and improving overall system reliability.