Hi,
I've been struggling hard with this for a few days, without effect. Is there any way to disable perl and shell access for all users (especially the 'nobody' one)? I really have no idea what to try next :/
I tried almost everything ... and still can't find a way to prevent perl scripts from being executed by users. I mean blocking it in a way that keeps cPanel workable.
I tried to write a simple wrapper in bash that checks the UID and does 'exec /usr/bin/perl $1' when the test is passed, but it seems that webmail needs the binary perl.
After I realized that disabling perl access for all users is too difficult a task, I tried to disable it only for the 'nobody' user (this is really important to me). I created a separate 'perl' group, and added to this newly created group all users EXCEPT the 'nobody' one.
Permissions have been set to:
-rwxr-x--- 1 root perl 969091 Aug 9 04:52 /usr/bin/perl
but after this, none of the users can access their webmail at port 2096; /usr/local/cpanel/base/webmaillogin.cgi, which is loaded after successful user&passwd authentication, is ... not working - it can't be loaded :/
I really can't find out what the reason for this is; the file is using '#!/usr/bin/perl' as interpreter, has access, but can't work correctly.
I tried to 'strace' the 'cpsrvd' - the parent process and the forked webmail one, but 'strace' is saying that after reaching webmaillogin.cgi ... everything stops, and in fact, users see a blank page without the webmail screen.
And here's the paradox, that I cannot explain:
let's choose an example user 'frodo'; after I do
chown root:frodo /usr/bin/perl
(-rwxr-x--- 1 root frodo 969091 Aug 9 04:52 /usr/bin/perl)
webmail is working great for frodo and only for frodo ...
How is it possible that webmail is NOT working when frodo is in the 'perl' group, which has the same access rights as frodo has when it is set as group owner of the perl file?
In both situations 'frodo' has THE SAME access rights to '/usr/bin/perl', so why is webmail only working when 'frodo' is group owner of the file ??
All I want is to disable perl and cgi access for users ... really have no idea how to achieve this :/
I've looked through the mod_security documentation trying to find an option to block the '#!/' string (to prevent users from uploading any scripts using http). But it seems that mod_security does not support an option to analyse the whole data layer in order to detect a particular string :/
I was so desperate that I set up snort to filter all data layer packets, but it's a problem when it comes to detecting '#!/' because of the special characters inside. Even the guys in freenode's #snort IRC channel couldn't help me with this ... we even tried putting the searched content in hex, without effect :/
Please, if any of you have an idea how to deal with this and finally block that PERL for users (especially 'nobody') while keeping cPanel workable ... I'll be in your debt
Really appreciate any help,
thanks
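One possible explanation for the behaviour described in the post above, as an added example (not part of the original post and not cPanel code): the kernel checks the credentials of the running process, not /etc/group, so a child that switched to the user's uid and primary gid without loading supplementary groups passes the group check only when the file's group is the user's primary group. Whether cpsrvd drops privileges this way is an assumption; the numeric ids and the /proc status excerpts are constructed.

```python
import os
import stat

# Constructed /proc/<pid>/status excerpts (not captured from a real server).
# Assumed ids: frodo uid/gid 1001, group 'perl' gid 2000, nobody uid/gid 99.
CHILD_WITHOUT_SUPP_GROUPS = "Uid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\nGroups:\t\n"
CHILD_WITH_SUPP_GROUPS = "Uid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\nGroups:\t1001 2000\n"
NOBODY_PROCESS = "Uid:\t99\t99\t99\t99\nGid:\t99\t99\t99\t99\nGroups:\t99\n"


def parse_creds(status_text):
    """Return (fsuid, fsgid, supplementary gids) from /proc/<pid>/status text."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields[key] = value.split()
    # Uid/Gid columns are real, effective, saved, filesystem; file access
    # checks use the filesystem ids (normally equal to the effective ids).
    return int(fields["Uid"][3]), int(fields["Gid"][3]), {int(g) for g in fields["Groups"]}


def may_execute(creds, f_uid, f_gid, f_mode):
    """Classic mode-bit check only (no ACLs, no capabilities besides uid 0)."""
    uid, gid, groups = creds
    if uid == 0:
        return bool(f_mode & 0o111)      # root still needs one execute bit
    if uid == f_uid:
        return bool(f_mode & stat.S_IXUSR)
    if gid == f_gid or f_gid in groups:  # process groups, not /etc/group
        return bool(f_mode & stat.S_IXGRP)
    return bool(f_mode & stat.S_IXOTH)


def check_pid(pid, path="/usr/bin/perl"):
    """Run the same check for a live process on the local machine."""
    with open(f"/proc/{pid}/status") as fh:
        creds = parse_creds(fh.read())
    st = os.stat(path)
    return may_execute(creds, st.st_uid, st.st_gid, st.st_mode)


if __name__ == "__main__":
    mode = 0o750
    for label, text in [("no supplementary groups", CHILD_WITHOUT_SUPP_GROUPS),
                        ("supplementary groups loaded", CHILD_WITH_SUPP_GROUPS),
                        ("nobody", NOBODY_PROCESS)]:
        c = parse_creds(text)
        print(label, "root:perl ->", may_execute(c, 0, 2000, mode),
              "| root:frodo ->", may_execute(c, 0, 1001, mode))
```

To test the hypothesis on a real system, call check_pid() with the pid of the forked webmail process, or read the Groups: line of its /proc/<pid>/status directly.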