Serious Security Issue - how to fix?!

Discussion in 'Security' started by brianteeter, Mar 11, 2003.

  1. brianteeter

    Here it is:

    root@servername [/home]#

    drwx--x--x 11 user1 user1 4096 Nov 27 13:09 user1/
    drwx--x--x 12 user2 user2 4096 Oct 8 03:46 user2/

    root@servername [/home]# su - user1
    bash-2.05$ pwd
    /home/user1
    bash-2.05$ cd ..
    bash-2.05$ pwd
    /home
    bash-2.05$ cd user2
    bash-2.05$ pwd
    /home/user2
    bash-2.05$ ls
    ls: .: Permission denied

    Looks good so far, right? User 1 cannot see User 2's stuff. Well:

    bash-2.05$ pwd
    /home/user2
    bash-2.05$ cd public_html
    bash-2.05$ pwd
    /home/user2/public_html
    bash-2.05$ ls
    cart index.php cgi-bin time.php


    Doh! This is seriously not good. Users can browse into and read other users' site data. Do I need to spell out the implications here?

    OK, here's the fix that we've put in place:

    chmod 751 /home/*/public_html

    But I doubt that it is the best fix or even the right one. Not to mention, next time cPanel creates an account it will create it insecurely.

    Any suggestions? cPanel folks, is there a better way to fix this?

    Thanks - Brian
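
An audit for the condition shown in the post above, as an added example that is not part of the original thread or cPanel's own tooling: it flags every public_html whose "other" read bit is set and applies the post's chmod 751 only to those directories. The function names and the temporary sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: names and the sample tree are assumptions, not cPanel tooling.

# Print "MODE PATH" for each <home_root>/*/public_html that others can list.
audit_public_html() {
    home_root=$1
    for dir in "$home_root"/*/public_html; do
        [ -d "$dir" ] || continue      # unmatched glob or not a directory
        [ -L "$dir" ] && continue      # skip symlinked web roots
        perms=$(ls -ld "$dir" | cut -c1-10)
        case $perms in
            # 8th character of the mode string is the "other" read bit
            d??????r??) printf '%s %s\n' "$perms" "$dir" ;;
        esac
    done
}

# Apply the mode from the post (751) only to the directories flagged above.
fix_public_html() {
    audit_public_html "$1" | while read -r _mode dir; do
        chmod 751 "$dir"
    done
}

# Constructed sample tree: user1 is listable by others (755), user2 is not (751).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/user1/public_html" "$root/user2/public_html"
    chmod 755 "$root/user1/public_html"
    chmod 751 "$root/user2/public_html"
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
echo "before:"; audit_public_html "$sample"
fix_public_html "$sample"
echo "after:";  audit_public_html "$sample"
rm -rf "$sample"
```

Clearing the read bit only stops directory listing: a file inside that is itself world-readable can still be opened by its exact path, and mode 751 still grants the owning group r-x.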
     