cgitelnet = security risk

Discussion in 'Security' started by casey, Jul 25, 2003.

  1. casey

    I just played around with cgitelnet again (http://www.rohitab.com/cgiscripts/cgitelnet.html), and it has me really worried. Is there any way to delete scripts like this automatically? I check every so often for files named "telnet" on the server, but what happens if the user is calling it something different? How do I prevent people from using this script? I wish there was something like open_basedir for cgi...:(

  2. ciphervendor

    Run suexec and set correct permissions on your partitions.

  3. casey

    Hi ciphervendor, thanks for the response. I'm still learning here, so let me try to get things straight. I have suexec enabled, so no problem there. However, a partition is another name for a separate drive, correct? Basically, I don't want the person using cgitelnet to get into usr, var, scripts, etc. Can I still prevent them getting into those directories without putting them on separate hard drives? I noticed that I was unable to list the files in the /home directory. That is a good thing. The permission on /home is 711 I believe. If I chmod the other directories to 711 will that mess them up?

  4. jamesbond

    The webroot protection feature should take care of these issues. It is mentioned in other threads.

  5. casey

    No, actually it doesn't. I have the webroot protection feature enabled. If the permissions on /usr on your server are still as is, then upload that script and try it. You will be able to see all the files in there. Of course, you can't edit them or delete them, but you can see them. I'm just a little worried here, not terrified.

    With jailshell, the user cannot see confidential files, but if the person uploads telnet.cgi, they can move around and snoop much more than I would prefer.

  6. goodmove

    Can you briefly tell the correct permissions for /usr and /var partitions to prevent snooping by these CGI scripts?
     
  7. jamesbond

    Ah you're right, it only works for the other user's home dirs.

    I don't think you can easily change reading permissions on the other partitions without running into problems...haven't tried it myself, since I don't want to mess things up :)

  8. casey

    Yeah, I don't want to mess things up, either.:)
    I just wish somebody knew some way to prevent people from uploading telnet.cgi or how to find it immediately if they did....

  9. goodmove

    Denying shell access to a user means not much if people are able to snoop around the server with that application! :confused:
     
  10. casey

    Exactly. A while back, somebody had created a script to search for old copies of formmail.pl. If that can be done, then perhaps a similar script can be created to search for telnet.cgi. What does everyone else do? Does everyone have separate partitions for all the directories on their server?
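
One way to approach the search casey asks about, as an added example that is not part of the original thread: a shell scanner that flags scripts by what they contain rather than by filename. The patterns, function names and sample tree are constructed assumptions for illustration, not signatures taken from cgitelnet.

```sh
#!/bin/sh
# Added example: flag CGI-style scripts by content, not by filename.
# Both pattern groups are heuristics chosen for this example (assumption),
# not signatures taken from cgitelnet; expect to tune them per server.
INPUT_RE='QUERY_STRING|CONTENT_LENGTH|param[[:space:]]*\('
EXEC_RE='system[[:space:]]*\(|exec[[:space:]]*\(|`[^`]*\$[^`]*`|open[[:space:]]*\([^)]*\|'

# scan_cgi ROOT: print each file under ROOT that starts with "#!" and both
# reads request input and contains a command-execution idiom.
scan_cgi() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        head -n 1 "$f" 2>/dev/null | grep -q '^#!' || continue
        grep -Eq "$INPUT_RE" "$f" || continue
        grep -Eq "$EXEC_RE" "$f" || continue
        printf '%s\n' "$f"
    done
}

# make_sample: build a constructed two-account tree and print its path.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/public_html/cgi-bin" "$t/bob/public_html"
    # Ordinary form handler: reads input, runs no commands.
    cat > "$t/alice/public_html/cgi-bin/contact.cgi" <<'EOF'
#!/usr/bin/perl
read(STDIN, $body, $ENV{'CONTENT_LENGTH'});
print "Content-type: text/plain\n\nThanks\n";
EOF
    # Inert stand-in for a renamed command runner: the idioms are commented
    # out, and the file has neither "telnet" in its name nor a .cgi suffix.
    cat > "$t/bob/public_html/guestbook.txt" <<'EOF'
#!/usr/bin/perl
# $in = $ENV{'QUERY_STRING'};
# system($in);
EOF
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real server, point scan_cgi at /home.
demo=$(make_sample) && scan_cgi "$demo"
rm -rf "$demo"
```

A hit is a file to review by hand, not a verdict: legitimate scripts that read input and call system() will match too.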

  11. compunet2

    If you shut off telnet and block access to that port, won't that prevent the script from running?

  12. casey

    No, unfortunately it won't. It runs as a cgi script. I already have the telnet port blocked.

  13. goodmove

    Does someone know the significance and effects of chmoding these directories 711?

    chmod 711 /usr/sbin
    chmod 711 /usr/local
    chmod 711 /sbin
    chmod 711 /etc
    chmod 711 /var/log
    chmod 711 /var/named

    Also, do the /etc/passwd, /etc/exim.conf and httpd.conf need to be world readable?
     
  14. lowspeed

    Anyone with a solution?

    Which files / directories can be 740?

  15. Jemshi

    but for what?

    What is the point in setting the permissions like this? Everyone knows what is there in these folders. The 1 permission only forbids ls inside the folder. They can still view the files once they know the file name.

  16. Jemshi

    forgot one thing

    and yea.. the passwd file needs to be world readable. Otherwise, most of the programs won't work. That is why you have got the encrypted passwords in shadow file which is not world readable.
