cPanel Forums
05-28-2006, 06:02 PM
|
|||
|
|||
|
Security of accounts on cpanel servers.
If a cpanel server is running PHP as a module in Apache I will be able to read/edit other peoples files if (assuming that apache runs with user nobody):
I upload a CGI/PHP script so that it is owned by user nobody. PHP will then be restricted by safe_mode or open_basedir, but CGI will not be restricted by anything. If another account on the same server has files owned by user nobody, I will have full access to these using CGI (and might have access with PHP depending on safe_mode/open_basedir). Are my assumtions correct? I'm writing a master thesis so I would really appreciate if anyone could reply 
    
|
|
05-28-2006, 07:57 PM
|
|||
|
|||
|
Off topic, but I am the Number1Host
 
__________________
→ Number1Host.net → Shared, Reseller, and Dedicated Hosting → Server Setup, Management, and Security → The Web's Number 1 Host - Number1Host.net
|
|
05-28-2006, 07:59 PM
|
||||
|
||||
|
Quote:
__________________
Regards, David Forum Moderator Alternate Support? http://www.cpanelhosts.com Looking for a server? http://www.myvirtualhosting.com Get Dedicated in Toronto at MVH. We are a licensed cPanel PartnerNoc
|
|
05-28-2006, 08:03 PM
|
|||
|
|||
|
Quote:
__________________
→ Number1Host.net → Shared, Reseller, and Dedicated Hosting → Server Setup, Management, and Security → The Web's Number 1 Host - Number1Host.net
|
|
05-28-2006, 08:07 PM
|
|||
|
|||
|
Well I registered in Apr 2003 with that nick (and domain) so I think I was before you
 Though we have changed name since then.But on topic, someone here able to answer?
|
|
05-28-2006, 08:15 PM
|
|||
|
|||
Quote:
Quote:
__________________
Get your domain name today! .COMs from just $7.95/yr! Sign up today!-- http://www.widenationhost.com/ Sales Dept: sales@widenationhost.com Support Forum: http://widenationhost.com/forums/index.php All domain transfers and renews are just $6.95 for a limited time. Regular price domains for $3.99 with purchase of non-domain product such as our hosting plans which start at $4.95/mo.
|
|
05-28-2006, 08:19 PM
|
|||
|
|||
|
__________________
→ Number1Host.net → Shared, Reseller, and Dedicated Hosting → Server Setup, Management, and Security → The Web's Number 1 Host - Number1Host.net
|
|
05-29-2006, 11:43 AM
|
|||
|
|||
|
Quote:
BTW I got forbidden on your pages?So this is basically possible: If a file "file" in /home/userA/public_html/file is owned by nobody and a directory "dir" in /home/userB/public_html/dir is owned by nobody (and all the subdirs and files), then userA would have access to everything within directory dir of userB?
|
|
05-29-2006, 11:51 AM
|
|||
|
|||
|
As long as you have open_basedir enabled, you won't have a problem.
__________________
→ Number1Host.net → Shared, Reseller, and Dedicated Hosting → Server Setup, Management, and Security → The Web's Number 1 Host - Number1Host.net
|
|
05-29-2006, 12:18 PM
|
||||
|
||||
|
That's not true. If you have open_basedir enabled it makes it a tiny bit more tricky, but it's trivial to bypass.
__________________
Jonathan Michaelson cPanel Forum Moderator Need your cPanel servers secured and tuned? cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf http://www.configserver.com
|
|
05-29-2006, 01:31 PM
|
|||
|
|||
|
^^ What he said. Chirpy > cooldude
__________________
→ Number1Host.net → Shared, Reseller, and Dedicated Hosting → Server Setup, Management, and Security → The Web's Number 1 Host - Number1Host.net
|
|
05-29-2006, 02:36 PM
|
|||
|
|||
|
So to sum up my assumtion is correct?
Thank you all for your answers so far
|
 |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT -5. The time now is 08:23 AM.
Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© cPanel Inc
