The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Perl Jail?

Discussion in 'General Discussion' started by geoffellis, Jan 17, 2009.

  1. geoffellis

    geoffellis Member

    Joined:
    Mar 12, 2006
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Its come to my attention that Perl scripts have atleast system wide read access? a russian perl shell script was uploaded... and ive managed to browse any directory i want... cant figure out any of the other commands that might allow me to do more (russian afterall), but the fact that all the directories are accessable... tells me something is wrong with the jail shell cpanel uses?

    any way to restrict perl scripts to their own user space? the scripts do run as their user... yet no limits on their access it looks like:/
     
  2. dropby23

    dropby23 Well-Known Member

    Joined:
    Jan 16, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    i am looking for that too
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,466
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I wouldn't suggest running any script on your server you can't even read. Bad idea. Are you running SuPHP on your server?
     
  4. geoffellis

    geoffellis Member

    Joined:
    Mar 12, 2006
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Someone was running it already... i simply found it and discovered i could move browse system directories...

    As for SuPHP... what does that have to do with Perl??
     
  5. johny_gjx

    johny_gjx Active Member

    Joined:
    Apr 15, 2005
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    It has nothing to do with perl but if you run suphp and let go of openbase restriction and change the permissions server wide, that perl code should stop being able to browse things.

    People often leave suphp and go for php as module, this way php openbase protection comes to limit php to the users' home directory (but nothing limits perl to users' home directory) as for the permissions in this scenario many files must be 777 to work probably, so I'd say they would be good targets for that perl script. :D

    Also perl must be running under cgi too and you'll need a script to reset bad permissions daily.

    Also I'd be glad to check your perl shell code if you don't mind, It would help me to see what I said is right about this case or not.
     
Loading...

Share This Page