
Security bug in all cPanel versions

Discussion in 'Security' started by DevBreak, Jul 13, 2006.

  1. DevBreak

    DevBreak Active Member

    Joined:
    Jun 26, 2006
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    156
    Any user can run Linux commands with a cron job. An example is
    cat /etc/passwd
    and many others like ls, chmod, chown, .....
    Temporarily solved by disabling Crontab from the feature list.


    Regards . . . .
    Waiting for a solution
  2. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    166
    Users can always read /etc/passwd with Perl or PHP scripts or indeed anything else, so this is nothing new nor a bug.

    What other things can users do through cron jobs that you believe they shouldn't be able to?
  3. DevBreak

    DevBreak Active Member

    Joined:
    Jun 26, 2006
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    156
    Example: wget, but this can be disabled with chmod
    tar
    ./configure
    ./make

    and any others. These are run with Tweak Security enabled and tested with a user without a shell.

    I just disabled crontab.

    With PHP and CGI, users can't read that file on my server.
  4. dropby23

    dropby23 Well-Known Member

    Joined:
    Jan 16, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    166
    They can read it with Perl; that is how Linux works. It's not a security bug, but you can chmod critical binaries if you want, like
    wget fetch lynx links rcp nc elinks ...
     
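The two things the thread keeps coming back to are that /etc/passwd is world-readable by design and that the usual remedy is to take the "other" execute bit off fetch/network binaries such as wget, lynx and nc. The script below is an added example written for this page; it is not cPanel code or any poster's script. It checks the "other" permission bits with find, lists which binaries from a list are still world-executable, and restricts them to root plus one admin group. The group name "wheel", the binary list, and the /usr/bin default are assumptions; adjust them for your server.

```shell
#!/bin/sh
# Added example for this thread (not cPanel code or any poster's script):
# audit which fetch/network binaries are executable by "other" and, on
# request, restrict them to root plus one admin group.
# ASSUMPTIONS: the admin group is "wheel" and the binaries live in /usr/bin.

BIN_LIST="wget fetch lynx links elinks curl rcp nc"
ADMIN_GROUP="${ADMIN_GROUP:-wheel}"

# world_readable FILE: succeed (exit 0) if the "other" read bit is set.
# /etc/passwd is world-readable on purpose, which is why cat, Perl, PHP or a
# cron job can all read it; nothing cPanel-specific is involved.
world_readable() {
    # -perm -004: the o+r bit must be set (leading '-' = all listed bits set)
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# find_world_exec [DIR]: print the path of every binary from $BIN_LIST under
# DIR (default /usr/bin) whose "other" execute bit is set, one per line,
# in $BIN_LIST order.
find_world_exec() {
    dir="${1:-/usr/bin}"
    for b in $BIN_LIST; do
        f="$dir/$b"
        [ -f "$f" ] || continue
        # -perm -001: the o+x bit must be set
        if [ -n "$(find "$f" -perm -001)" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# restrict_bins [DIR]: for each world-executable binary found above, hand it
# to $ADMIN_GROUP and drop all "other" permissions, so a cron job, CGI or PHP
# script running as an ordinary account can no longer execute it.
restrict_bins() {
    dir="${1:-/usr/bin}"
    find_world_exec "$dir" | while IFS= read -r f; do
        # chgrp needs root; when run unprivileged (e.g. a dry run in a temp
        # directory) the group change fails and we simply keep going
        chgrp "$ADMIN_GROUP" "$f" 2>/dev/null || true
        chmod o-rwx "$f"
        printf 'restricted: %s\n' "$f"
    done
}

# Nothing runs unless explicitly asked, so sourcing the file is side-effect free.
case "${1:-}" in
    --audit) find_world_exec /usr/bin ;;
    --apply) restrict_bins /usr/bin ;;
esac
```

Run it with `--audit` first to see what would change, then `--apply` as root. Note the limit of this approach: it only hides the system copy of each tool. An account that can write files and run cron jobs can upload its own static wget or nc into its home directory, so this belongs alongside a noexec mount for /home and /tmp and a jailed shell, not in place of them.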