Security bug in all cPanel versions

Discussion in 'Security' started by DevBreak, Jul 13, 2006.

  1. DevBreak

    Any user can run Linux commands with a cron job; an example is
    cat /etc/passwd
    and many others like ls, chmod, chown, ...
    Temporarily solved by disabling Crontab from the feature list.


    Regards . . . .
    Waiting for solution
     
  2. webignition

    Users can always read /etc/passwd with Perl or PHP scripts or indeed anything else, so this is nothing new nor a bug.

    What other things can users do through cron jobs that you believe they shouldn't be able to?
     
  3. DevBreak

    For example wget, but this can be disabled with chmod
    tar
    ./configure
    ./make

    and any others. These were run with Tweak Security enabled and tested with a user without shell.

    I just disabled crontab.

    With PHP and CGI, users can't read that file on my server.
     
  4. dropby23

    They can read it with Perl; it is how Linux works. It's not a security bug, but you can chmod critical binaries if you want, like
    wget fetch lynx links rcp nc elinks ...
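
An added example, not part of the thread or written by any of its posters: a read-only audit of the binaries named in the last post, reporting which are still executable by any account (and therefore from a user's cron job) and which have already been restricted with chmod. The default directory list is an assumption; pass your own directories as arguments.

```shell
#!/bin/sh
# Added example, not from the thread: report which binaries from the last
# post's list still have the "other" execute bit set, i.e. can be run by
# any unprivileged account, including from that account's crontab.

# Names exactly as listed in the post.
BINS="wget fetch lynx links rcp nc elinks"

# audit_world_exec DIR...
# Prints one line per listed binary found in DIR: "<state> <path>", where
# state is WORLD-EXEC (o+x is set) or restricted (o+x is cleared).
audit_world_exec() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $BINS; do
            path="$dir/$name"
            [ -f "$path" ] || continue
            # -perm -0001 matches only when the "other" execute bit is set;
            # -L makes find check the target when the name is a symlink.
            if [ -n "$(find -L "$path" -prune -perm -0001 -print)" ]; then
                echo "WORLD-EXEC $path"
            else
                echo "restricted $path"
            fi
        done
    done
    return 0
}

# Default directories are an assumption, used only when none are given.
[ "$#" -gt 0 ] || set -- /bin /usr/bin /usr/local/bin
audit_world_exec "$@"
```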
     