/usr/local/cpanel/bin/rebuild_sprites can be run as capnel user?

Operating System & Version
CentOS 7.9
cPanel & WHM Version
108
StefanPejcic

StefanPejcic

Member
Mar 17, 2021
17
4
3
Belgrade, Serbia
cPanel Access Level
Root Administrator
Hello, I've noticed that the /usr/local/cpanel/bin/rebuild_sprites script does not require a user check, unlike the sprite_generator or the majority of other scripts in the folder, and may thus be executed by regular cpanel users.

Is this behavior intended? Are there any potential security risks?


Example:
The rebuild process is not CPU-intensive, but if a user runs it XXXXXXXXXXX times, and errors are generated, it can quickly fill du on /usr and potentially bring down the entire server due to writing in /usr/local/cpanel/logs/error_log
 

Attachments

You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
R In Progress CPANEL-39889 - Cron <root@dashboard> /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings Security 24
D Server Intrusion: The login shell has changed from '/usr/local/cpanel/bin/jailshell' to '/bin/bash' Security 13
bloatedstoat SOLVED [CPANEL-21113] Virus Scan hammers /usr/local/cpanel/logs/error_log Security 9
K /usr/local/cpanel/bin/jail_safe_passwd Segmentation fault Security 1
bloatedstoat SOLVED Purge /usr/local/cpanel/bin/autossl_check_cpstore_queue Security 4
Similar threads
In Progress CPANEL-39889 - Cron <root@dashboard> /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings
Server Intrusion: The login shell has changed from '/usr/local/cpanel/bin/jailshell' to '/bin/bash'
SOLVED [CPANEL-21113] Virus Scan hammers /usr/local/cpanel/logs/error_log
/usr/local/cpanel/bin/jail_safe_passwd Segmentation fault
SOLVED Purge /usr/local/cpanel/bin/autossl_check_cpstore_queue
Top Bottom