The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

unsecure Plugin LiveApi PHP Script shows source and PASSWORD

Discussion in 'cPanel Developers' started by Mrg, Apr 19, 2012.

  1. Mrg

    Mrg Member

    Joined:
    Feb 8, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    i wrote a plugin to connect to a remote mysql host and read some data.

    /usr/local/cpanel/base/frontend/x3/remtool/remtool.live.php

    works create, but f.e. all user with php or all cronjobs can read this file and SEE THE PASSWORT of the mysql connection
    the file must be readable to world, otherwise cpanel frontend display "access denied"

    how can i solve this?
    i want to run a php plugin which source is not readable from other cpanel users.

    thanks
    hope i explained enough
     
  2. cPanelDavidN

    cPanelDavidN Integration Developer
    Staff Member

    Joined:
    Dec 17, 2009
    Messages:
    571
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    You should not place the password in plain text in you LiveAPI plugin.

    Because plugins are normally run as the cPanel user, the source must be readable by the user. The only way to avoid that is to have a standalone application that runs as a specific user, which is not possible using LiveAPI (but you could do it if you have a std PHP application and use AppConfig which allows you to specify the system user to serve the application with as well as specify a custom php.ini).

    The most direct path available to you that I can think of, if you wish to use LiveAPI, would be to have your database operations live in a separate codebase, and have your LiveAPI code request data or database actions via execution of a privilege escalation script (whether it's from a direct system call or through a custom cPanel Perl module). However, this pattern is very important to perform correctly: if you have a script that will escalate to root, so that it can read a private file to get remote credentials and perform arbitrary actions, it's the same as just giving them the password. You have to have proper sanity checks in your escalation script!

    As long as you have user-served code accessing a shared database (remote or local), you're going to have problems if you try to have all the logic in a LiveAPI script. You need to have a clean API for you application's logic and only use the cPanel LiveAPI as a frontend...it purpose should be making requests on the user's behalf to your secure codebase. These "API requests" should go through a privilege escalation script, which verifies that the calling user is only requesting operations against data they own, and then perform the operation and return the result

    If you don't need access to cPanel's API1 or API2 functions, then you can just have a normal PHP app that lives in /usr/local/cpanel/base/3rdparty/* and use AppConfig to server the application as a system user you create when you deploy your plugin. This allows you to set the password file to read-only for that system user. This is the most straight forward approach, but it means that you don't have local cPanel API1 and API2 access; you'd have to use the Remote API (pointing to the loopback IP) to trigger those API calls.

    Regards,
    -DavidN
     
  3. Mrg

    Mrg Member

    Joined:
    Feb 8, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    thanks a lot
    helps much

    privilege escalation script is nice, now we run special phpscripts with rootprivs
    of cause we safe the wrapper (only exec phpscripts of a special directory, escaping args and so on)

    regards
     
Loading...

Share This Page