The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Serious hole in curl

Discussion in 'General Discussion' started by rustelekom, Nov 2, 2004.

  1. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    Just check folllowing code:

    <?
    $ch = curl_init("file:/etc/passwd");
    $file=curl_exec($ch);
    echo $file;
    ?>

    or from command mode from shell (include jaild shell):
    curl file:///etc/passwd

    Early, this have been only perl problem, but now all webroot protection in php (safe_mode, pspsuexec, suphp and etc.) will ineffective.

    Any idea for solving this problem?

    PS. Using curl in command mode (php must be a compiled without curl support) will help, but many clients use only libcurl and wouldn't like change all their scripts :(
     
  2. compunet2

    compunet2 Well-Known Member

    Joined:
    Feb 21, 2003
    Messages:
    310
    Likes Received:
    0
    Trophy Points:
    16
    Why would you post this here??? File a trouble ticket. Don't you think hackers may read this???
     
  3. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    i think hackers already now this. moreover similar problem exist in perl within a long time.

    BTW. This is not cpanel only problem. This is problem on all linux system which use mod_php (suexecphp and suphp also have a problem) under apache.

    PS. Really this is not curl problem. This is problem of binding php to libcurl library. PHP.net already informed about this bug.
     
    #3 rustelekom, Nov 2, 2004
    Last edited: Nov 3, 2004
  4. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    Problem may solved easy. Just all admin's which use curl compiled w/php need recompile curl with .configure --disable-file (this feature disable local file curlfeature) and then recompile php as usual.
     
  5. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16

    easyapache doesn't accomplish this?
     
  6. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    Joined:
    Nov 13, 2003
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    moscow
    unforunately not.
     
Loading...

Share This Page