cPanel bugs - are they going to be fixed?

1. Did you submit the bugs in Bugzilla?
2. If you did, post the bug ID's here: http://forums.cpanel.net/showthread.php?t=31595&page=3

 

I believe that both have been raised in the past, but due to the current design, nothing has been done. So, they know about the problems, but I've no idea if they're looking to overcome them.

 

These are not security bugs, they are part of a shared hosting system and there is nothing that can be done currently.

 

I'd have to disagree with you Billy. We've shown previously that this could be fixed - it's how cPanel works where the problem is. It is quite possible to protect httpd.conf (this was shown to be possible, but some functionality in cPanel functions break, the web server doesn't) and the other problem really is a design issue.

 

sorry billy but i must side with chirpy on this one.

 

our privacy.

It's just like showing your address book to all, isn't it.

 

I've been playing with rights and a little perl script for testing and found that the following seems to work, but obviously would require a lot more testing to be sure.

chmod 640 httpd.conf
chown root:nobody httpd.conf

Now when trying to use something like
open(MYINPUTFILE, "httpd.conf");

It results in the following;

content-type: text/html
readline() on closed filehandle MYINPUTFILE at ./test.cgi line 4.

Where as before it would list out httpd.conf

Anyone up for more testing of this???

 

Similar idea in this 7 page thread:
http://forums.cpanel.net/showthread.php?t=29718&page=5&pp=15

We did flog this one quite hard and seemed to conclude that Apache is happy, but not the cPanel code.

 

I think you are still in Vegas, and there are so many walking apache dictionaries.
I'm sure you got something for it, and not Gambling...

 

Ah! Thanks, oh well....