The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable wget for all users?

Discussion in 'General Discussion' started by Snover, Nov 25, 2004.

  1. Snover

    Snover Active Member

    Joined:
    Sep 29, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Would setting the chmod for wget to 700 cause problems with the cPanel scripts? All user CGI (including PHP) is suexec, and recently (the phpBB exploit) some files were downloaded that would not have otherwise been downloaded if wget was not available to these users. I understand that it may be a bit of a kluge to do this, but I think it's a fairly simple way to harden the server a bit against any future possible remote code execution.
     
  2. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    fast and easy solution is: move the binary of wget to some other name :) When you want to use it; use the alternate name and for the rest let that remain a mystery. this is but a tweak; that will have to be reversed while you do any upcp or any process that needs a wget download.
     
  3. Sinewy

    Sinewy Well-Known Member

    Joined:
    May 15, 2004
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney, Australia
    cPanel Access Level:
    DataCenter Provider
    chmod 644 if you want no one using it. (this includes not allowing root to use it) or chmod 744 if you want to allow root to use it.
     
  4. GOT

    GOT Get Proactive!

    Joined:
    Apr 8, 2003
    Messages:
    900
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Norfolk, VA
    cPanel Access Level:
    DataCenter Provider
    It will cause problems updating fantastico. You can always chmod it back just before updating.
     
Loading...

Share This Page