The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Quesion about ln command ?

Discussion in 'Security' started by assassin85, Oct 21, 2009.

  1. assassin85

    assassin85 Active Member

    Joined:
    Jul 24, 2007
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    hello

    for security reason i make ln command with permission 700 and i chatter +i the file located /bin/ln

    the question is , it this security i made will be effect in ANY functions about cpanel work , update , etc ....?

    thanks
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    There is a balance between securing things and breaking your server ...

    'ln' is one of these functions that sits right on the line.

    For this reason, I do not recommend locking it down or more accurately setting it root access only as there are a number of processes I can think of immediately that you would break on Cpanel servers.

    Instead of completely locking access, you might want to consider
    replacing it with a wrap shell to log and control user access better.
     
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I recommend avoiding any use of the immutable attribute; using the immutable bit can and will lead to difficulties that may not be immediately evident from the start, including non-cPanel-related activity such as normal OS updates (that may need to update the "ln" binary) or other 3rd-party script installation functions (that may need to create symlinks using "ln").

    Just to note: I've relocated the thread into the cPanel and WHM Security forums so that it may receive more attention and relevant discussion.
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Actually there is purpose to setting the immutable flag ...

    It prevents general updates from blowing away the locked down permissions so in this case the +i that the user spoke of would be
    specifically to block the very updates you described.

    Now with that said, if the user sets that flag, it would also be their
    additional responsibility to make the necessary updates manually
    as new updates or patches are released.

    One way to minimize the need for this though is to stay current
    with the newest and very latest version of whatever command
    you have locked down and set immutable. Most Linux flavors
    stay somewhat behind on component versions behind the actual
    versions currently available if you manually download the origin
    source and compile yourself verses grabbing them from yum.

    In this particular case, I would grab the newest source for the
    commands the user spoke of and get that well updated before
    locking down the command.
     
  5. assassin85

    assassin85 Active Member

    Joined:
    Jul 24, 2007
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    nobody ask me why i would make permission like this ?

    because hackers able to read files with ln command instead of cat or pic or the other read command , ln command make a shourtcut for files exists in the server , or files want to read it specific , for example /etc/passwd

    all this operations running under perl scripts ,

    there is two CIRTICAL bugs in file manage so had to disable file manager for the whole server

    the first server in the frontpage

    u may want to check the following link to see how can bypass to server
    bypass safe mode cpanel exploit on Frontpage


    the 2nd bug want to talk about is the file manager bypass with rar ext

    if u disable perl , they make the commands they want in another server have perl enabled , then they tar or compress the command that was in text file and download it , upload it to the server that have perl disable and extract it , and surprise !!!
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I don't know about you but I just simply wrote my own "ln" command!

    Mine doesn't allow any symlinks to /etc/passwd or related and does
    not allow symlinks be setup inside hosting accounts or to system files
    unless explicitly done so by root. It also logs all symlink attempts.

    Aside from that, it looks, functions, and operates like regular "ln".

    Anyway, the point is other than permission changes, you might
    consider replacing the commands.

    Ironically this is actually a hacker technique normally used to compromise
    a system being used instead to protect it. ;)
     
Loading...

Share This Page