The Community Forums


cPanel bugs - are they going to be fixed?

Discussion in 'General Discussion' started by nybble, Nov 12, 2004.

  1. nybble

    nybble Well-Known Member

    Joined:
    Jan 26, 2004
    Messages:
    223
    Likes Received:
    0
    Trophy Points:
    16
    Ok well, there are a few things that worry me...

    One is that everyone on the server can view your httpd.conf file.
    Second is that everyone can see everyone else on the server & their information, such as username, domain, subdomains, etc.

    Are these going to get fixed or what?
     
  2. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
  3. nybble

    nybble Well-Known Member

    I didn't but I guess I should... :)
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I believe that both have been raised in the past, but due to the current design, nothing has been done. So, they know about the problems, but I've no idea if they're looking to overcome them.
     
  5. cPanelBilly

    cPanelBilly Guest

    These are not security bugs, they are part of a shared hosting system and there is nothing that can be done currently.
     
  6. chirpy

    chirpy Well-Known Member

    I'd have to disagree with you, Billy. We've shown previously that this could be fixed - it's how cPanel works where the problem is. It is quite possible to protect httpd.conf (this was shown to be possible, but some functionality in cPanel breaks, the web server doesn't) and the other problem really is a design issue.
     
  7. StevenC

    StevenC Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    Sorry Billy, but I must side with chirpy on this one.
     
  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    What would you gain? What about /etc/userdomains or /etc/localdomains?
     
  9. eos1

    eos1 Well-Known Member

    Joined:
    Mar 11, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Our privacy.

    It's just like showing your address book to all, isn't it?
     
    #9 eos1, Nov 17, 2004
    Last edited: Nov 17, 2004
  10. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    I've been playing with rights and a little Perl script for testing and found that the following seems to work, but obviously it would require a lot more testing to be sure.

    chmod 640 httpd.conf
    chown root:nobody httpd.conf

    Now when trying to use something like
    open(MYINPUTFILE, "httpd.conf");

    It results in the following:

    content-type: text/html
    readline() on closed filehandle MYINPUTFILE at ./test.cgi line 4.

    Whereas before it would list out httpd.conf

    Anyone up for more testing of this???
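
An added check for the permission change tried in the post above (not part of the original thread and not cPanel's code): it reports which class of local users can read each file passed to it, so the effect of the chmod 640 / chown root:nobody change can be confirmed on httpd.conf, /etc/userdomains and /etc/localdomains. The function names read_scope and audit_files are made up for this example.

```shell
#!/bin/sh
# Audit who can read server-wide config files on a shared host.
# Pass the files to check as arguments, for example the httpd.conf path
# on your server plus /etc/userdomains and /etc/localdomains.

# Print the widest class allowed to read $1: world, group or owner.
read_scope() {
    if [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; then
        echo world      # "other" read bit set: every local account
    elif [ -n "$(find "$1" -prune -perm -040 2>/dev/null)" ]; then
        echo group      # group read bit set: members of the file's group
    else
        echo owner      # neither bit set
    fi
}

# Report each file; return 1 if any of them is world-readable.
audit_files() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "SKIP  $f (not present)"
            continue
        fi
        scope=$(read_scope "$f")
        # ls -ld fields 3 and 4 are the owning user and group
        og=$(ls -ld "$f" | awk '{print $3 ":" $4}')
        case $scope in
            world) echo "FAIL  $f ($og) readable by every local user"; rc=1 ;;
            group) echo "WARN  $f ($og) readable by group ${og#*:}" ;;
            owner) echo "OK    $f ($og) not group- or world-readable" ;;
        esac
    done
    return $rc
}

# Run the audit only when file paths were given on the command line.
if [ "$#" -gt 0 ]; then
    audit_files "$@"
fi
```

After the change above, httpd.conf is reported as WARN rather than FAIL: mode 640 with group nobody still lets any process that runs with group nobody open the file.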
     
  11. chirpy

    chirpy Well-Known Member

  12. eos1

    eos1 Well-Known Member

    I think you are still in Vegas, and there are so many walking Apache dictionaries.
    I'm sure you got something for it, and not gambling...
     
  13. dgbaker

    dgbaker Well-Known Member
    PartnerNOC
