The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to prevent running binary files.

Discussion in 'Security' started by reporter, Dec 13, 2010.

  1. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    Do you know how can I prevent running binary files from
    cgi or shell access or php ...?
    like this:
    sh: /path/file: Permission denied
     
  2. bhd

    bhd Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    149
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    JNB ZA
    cPanel Access Level:
    Root Administrator
    Depends what binary it is. Usually making sure it's ownership is root:root and changing it's permissions to 700 does the job.
     
  3. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Thank you!
    but I mean is user upload a binary and try to excute it!
    not specific file to change the permission and owner:P
     
  4. reporter

    reporter Active Member

    Joined:
    Jul 23, 2009
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    There is many experts in this forums,
    nobody know?:p

    I want to prevent excuting binary files in /home,
    then users can't excute any binary file by command from perl or php...


    Thank you!
     
  5. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    You can make a lot of options to do that such as

    suphp.conf
    php.ini

    Also don't forget about
    /etc/fstab => noexec,nosuid
     
  6. cPDan

    cPDan cPanel Staff
    Staff Member

    Joined:
    Mar 9, 2004
    Messages:
    711
    Likes Received:
    3
    Trophy Points:
    18
    Executing something isn't really a problem. Executing something you didn't expect to is (e.g. wordpress exploit allows hacker to upload a script that then lets then do whatever they want as that user).

    As long as that can't happen then the user is the only one that can run stuff and all they can see/do is already limited by the system privileges.

    For example, lets say you are able to find a way to prevent a user from executing perl. What about a hacker that instead uses a shell, php, ruby, python, etc etc.?

    But if you, instead, harden PHP (how Apache runs it, what its allowed to do, etc) and make sure your users always update their PHP scripts then you're covered (essentially) no matter who tries what.
     
Loading...

Share This Page