How to prevent running binary files.

reporter

Active Member
Jul 23, 2009
42
0
56
Hello,

Do you know how can I prevent running binary files from
cgi or shell access or php ...?
like this:
sh: /path/file: Permission denied
 

reporter

Active Member
Jul 23, 2009
42
0
56
Depends what binary it is. Usually making sure it's ownership is root:root and changing it's permissions to 700 does the job.
Thank you!
but I mean is user upload a binary and try to excute it!
not specific file to change the permission and owner:P
 

reporter

Active Member
Jul 23, 2009
42
0
56
Hi,

There is many experts in this forums,
nobody know?:p

I want to prevent excuting binary files in /home,
then users can't excute any binary file by command from perl or php...


Thank you!
 

cPDan

cPanel Staff
Staff member
Mar 9, 2004
724
15
243
Executing something isn't really a problem. Executing something you didn't expect to is (e.g. wordpress exploit allows hacker to upload a script that then lets then do whatever they want as that user).

As long as that can't happen then the user is the only one that can run stuff and all they can see/do is already limited by the system privileges.

For example, lets say you are able to find a way to prevent a user from executing perl. What about a hacker that instead uses a shell, php, ruby, python, etc etc.?

But if you, instead, harden PHP (how Apache runs it, what its allowed to do, etc) and make sure your users always update their PHP scripts then you're covered (essentially) no matter who tries what.