The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cross-account file editing by scripts.

Discussion in 'General Discussion' started by SuperBaby, Sep 19, 2009.

  1. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I just realized this security problem and wonder how to solve it.

    I have a CMS Perl script in www.user123.com which edits the file /home/user123/public_html/text/welcome.txt

    I noticed that if I change the path of the datafile to /home/user456/public_html/text/welcome.txt , the Perl script in www.user123.com can actually edit the datafile in www.user456.com.

    This sounds ridiculous. Is there a way to stop cross-account editing? I already have Tweak PHP open_basedir Security enabled under WHM.

    This is my system:
     
  2. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Nobody has this problem or nobody knows the solution??
     
  3. britsenigma

    britsenigma Well-Known Member

    Joined:
    Dec 14, 2008
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    Well PHP Base Directory is a PHP security feature, the main reason people worry about PHP is because it's such a common and easy language.

    But, if you really want to gain access to a server, there's plenty of ways using the other languages available (Perl etc), and most of them are not locked down at all.

    That said, if the files have the right permissions it shouldn't happen. It entirely depends on the permissions perl has. I seriously doubt perl scripts are executing as the user, maybe someone can clarify.

    For example, if it's executing as root it can access anything on the server regardless of permissions.

    Go to a command line, run "top".

    Anything executing as root has access to everything on the server....shocking really.

    At least, that's how I understand it, and I didn't look any of it up, so I could well be wrong.
     
  4. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    Referring to my first post....

    The Perl script is a simply calendar script with a flat text database file called welcome.txt.

    In the script's config section, this is what I set:

    $path_to_datafile = "/home/user123/public_html/text/welcome.txt";

    My point is, when I changed the "user123" to "user456", I could edit the welcome.txt under a different account.

    Is there a way to stop this?
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    What are the file permissions for /home/user456/public_html/text/welcome.txt?
     
  6. trevHCS

    trevHCS Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    69
    Likes Received:
    1
    Trophy Points:
    8
    Could this be related to the option in EasyApache setup which asks if you want to be able to access other web roots? Option called "Fileprotect" under exhaustive settings.

    Might just be for reading other web roots mind you, not writing which would seem a little odd.

    Trev
     
  7. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Adding to David's question, what is the output displayed by the following command? This would be executed via root SSH access:
    Code:
    # /usr/local/cpanel/bin/rebuild_phpconf --current
    The above will show if SuExec (for CGI/Perl scripts) is enabled or disabled and also shows what your PHP handler is, such as Apache DSO, CGI, or SuPHP.

    You may want to ensure that both SuExec and SuPHP are enabled, and that the file involved has permissions that restrict write access from other users. You may change permissions using the "chmod" utility via SSH access, but it can also be changed easily using FTP access or via your cPanel File Manager.

    You may check the current access permissions using either of the following two commands:
    Code:
    # ls -al /home/user456/public_html/text/welcome.txt
    # stat /home/user456/public_html/text/welcome.txt
     
Loading...

Share This Page