The Community Forums


Protection against Shell Scripts

Discussion in 'General Discussion' started by bin_asc, Dec 25, 2007.

  1. bin_asc

    bin_asc Well-Known Member

    What methods do you use to get protected? What modules do you use with Apache and PHP to get protected?
    I'm interested because I tried suphp, disable_functions and suexec; nothing works. I can still read, for example, /etc/passwd.
    Need your suggestions.
     
  2. Vinayak

    Vinayak Well-Known Member

    Have you enabled the open base directory protection in WHM?
     
  3. bin_asc

    bin_asc Well-Known Member

    You can forget about that; with a normal shell script, that's very easy to bypass.
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Which functions are you disabling via disable_functions in php.ini?
     
  5. bin_asc

    bin_asc Well-Known Member

    exec, system, popen, passthru, shell_exec, proc_open, proc_close, proc_nice, proc_terminate, pclose
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    You may want to add dl. Also check out more of the File System functions. Also, open_basedir can at least be used to lock the PHP functions to a specific directory.
     
  7. bin_asc

    bin_asc Well-Known Member

    Well, I did do something, now I can't browse /home/, but the thing is, I can still list /etc/passwd, and I think the only way to stop that is to stop the fopen function, which is pretty much out of discussion.

    PS. I can list / too.
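
Added example, not part of any post in this thread: a small audit of the two settings discussed above, reporting which of the functions named in the thread are still enabled and which probe paths PHP's file functions could still open under the configured open_basedir. It assumes the effective configuration is available as php.ini-style text on Linux (colon-separated open_basedir, entries treated as directory names as in current PHP); the sample configurations and the account name exampleuser are constructed.

```python
import posixpath

# Functions named in the thread: bin_asc's list plus the suggested "dl".
THREAD_FUNCTIONS = {"exec", "system", "popen", "passthru", "shell_exec", "proc_open",
                    "proc_close", "proc_nice", "proc_terminate", "pclose", "dl"}

def parse_ini(text):
    """Return the last value of each directive, skipping comments and sections."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Drop an inline comment and surrounding quotes (Linux values have no ';').
        settings[key.strip().lower()] = value.split(";", 1)[0].strip().strip("\"'")
    return settings

def path_allowed(path, open_basedir):
    """True if PHP file functions could open `path` under this open_basedir."""
    if not open_basedir:
        return True  # unset: no restriction, so /etc/passwd and / stay readable
    target = posixpath.normpath(path)
    for base in filter(None, open_basedir.split(":")):
        base = posixpath.normpath(base)
        if base == "/" or target == base or target.startswith(base + "/"):
            return True
    return False

def audit(ini_text, probe_paths=("/etc/passwd", "/", "/home")):
    cfg = parse_ini(ini_text)
    names = cfg.get("disable_functions", "").split(",")
    disabled = {n.strip().lower() for n in names if n.strip()}
    basedir = cfg.get("open_basedir", "")
    return {"missing_functions": sorted(THREAD_FUNCTIONS - disabled),
            "open_basedir_set": bool(basedir),
            "readable": [p for p in probe_paths if path_allowed(p, basedir)]}

# Constructed sample: the list posted in the thread, open_basedir not set.
BEFORE_INI = """
disable_functions = exec, system, popen, passthru, shell_exec, proc_open, proc_close, proc_nice, proc_terminate, pclose
; open_basedir not set
"""
# Constructed sample: "dl" added and file access confined to one account.
AFTER_INI = BEFORE_INI.replace("pclose", "pclose, dl") + \
    'open_basedir = "/home/exampleuser:/tmp"\n'

if __name__ == "__main__":
    print(audit(BEFORE_INI))
    print(audit(AFTER_INI))
```

disable_functions only removes the named functions, so the "readable" list changes only once open_basedir is set.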
     