nyanhost

Active Member
Nov 4, 2013
cPanel Access Level
Root Administrator
Hello!
I have a big problem.
Apache / PHP configuration:
PHP 5 Handler: DSO
Apache SuEXEC: off
mpm-itk module.


I want to disable launching Perl/CGI scripts for some accounts on my shared hosting.
I unchecked CGI Privilege in the account options...
But if a user adds this line to .htaccess:
"AddHandler cgi-script .cgi .pl" - Perl or CGI scripts run...

If a user uses the crontab command /usr/bin/perl, it runs too.

Guys, how can I disable access to /usr/bin/perl for some accounts?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Are you attempting to disable Perl for security purposes? If so, I would like to paste to you the response from another analyst regarding a similar request:

What needs to be understood is the distinction between a script that provides an entry point for an attacker, and a script that is executed by an attacker. Let me give you an example. Old versions of Joomla, a popular PHP-based application, are known for allowing an attacker to execute code remotely. What happens is this:

The attacker finds a Joomla-based site running an old, insecure version of Joomla.
The attacker sends a call to the Joomla site to trigger the vulnerability that allows remote code execution.
The attacker uploads his desired script through the vulnerable Joomla application and executes it on your server.

It is important to understand that it does not matter what language the attacker's script is written in. Once the attacker finds a vulnerable script on one of your sites, a script that will allow remote code execution, the attacker will upload and execute code. If you disable Perl, the attacker will upload and execute a PHP script. If you disable PHP, the attacker may upload and execute a Python script. If you disable Python, the attacker may upload and execute a script for the C shell or Korn shell, or any other shell that may be available on Unix or Linux.

This is why trying to disable a language interpreter, such as Perl, from being used by your users is a futile effort. No matter what you do, the issue that would lead to Perl being used by an attacker's script is that a script on your server is vulnerable to being used to execute code remotely. By the time the attacker invokes the Perl interpreter to run his/her script, it is already too late, because he/she has already exploited the vulnerable script on your site.

The only way to prevent this type of behavior is to audit the scripts on your sites and identify those that may allow remote code execution. This is not easy or fast, and it requires the assistance of a security expert who can identify this type of issue for you. It is, however, the only way to truly secure your server against abuse caused by remote code execution. Trying to prevent this abuse by disabling the Perl interpreter, or the PHP interpreter, or the Python interpreter, or any other interpreter is not a good approach.
Thank you.
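
The first post describes a `.htaccess` line re-enabling CGI handling after the CGI privilege was unchecked. As an added example (not part of the thread and not cPanel tooling), the following audit sketch finds such directives in account directories; the function names and the sample content are assumptions made for illustration.

```python
import os

CGI_HANDLER = "cgi-script"  # Apache's built-in handler for CGI execution

def logical_lines(text):
    """Yield (line_no, directive), joining backslash continuations, skipping comments."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = " ".join((buf + raw).split()), ""
        if line and not line.startswith("#"):
            yield start, line

def find_cgi_directives(text):
    """Return [(line_no, directive)] for directives that enable CGI execution."""
    hits = []
    for no, line in logical_lines(text):
        words = line.replace('"', "").split()
        if not words:
            continue
        # Directive names are case-insensitive in Apache configuration.
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name in ("addhandler", "sethandler") and args[:1] == [CGI_HANDLER]:
            hits.append((no, line))
        # "Options All" includes ExecCGI; "-ExecCGI" disables it and is not flagged.
        elif name == "options" and any(a in ("execcgi", "+execcgi", "all") for a in args):
            hits.append((no, line))
    return hits

def scan_tree(root):
    """Walk root and return {path: hits} for every .htaccess that enables CGI."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                hits = find_cgi_directives(fh.read())
            if hits:
                report[path] = hits
    return report

# Constructed sample .htaccess content, not taken from a real account.
SAMPLE = ("# user overrides\nAddHandler cgi-script .cgi .pl\n"
          "options -Indexes \\\n    +ExecCGI\n# AddHandler cgi-script .py\n"
          "AddHandler application/x-httpd-php .php\nOptions -ExecCGI\n")

if __name__ == "__main__":
    for no, line in find_cgi_directives(SAMPLE):
        print(f"line {no}: {line}")
```

Whether a flagged directive actually takes effect depends on the server's `AllowOverride` setting for that directory.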