
Warning: safe mode is not enough security

Discussion in 'Security' started by s_2_s, Dec 15, 2004.

  1. s_2_s

    s_2_s Well-Known Member

    Joined:
    Aug 9, 2004
    Messages:
    215
    Likes Received:
    0
    Trophy Points:
    16
    warning
    I'm a server owner, and of course I disable all dangerous PHP functions and run in safe mode,
    but there is a PHP script that could bypass safe mode and could obtain my /etc/passwd plus any files under public_html.
    At the same time, phpshell and telnet.cgi cannot run because of the restrictions I made.

    Also, Kernel 3 seems to have a recent exploit that may probably give root access to the server or just crash the kernel "gide root name pass"

    I also heard people could bypass safe mode through .htaccess. Is there any way for us to know which .htaccess is trying to bypass safe mode?

    REPLIES NEEDED PLEASE
     
  2. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16

    Yup, /etc/passwd has read access for all users... so that's quite doable... it could also get any other files that are readable by all. The public html files are also set for reading by all... so the webserver can read them. Many other files are like that as well... This would include your Apache httpd.conf file and the cPanel account files. This is what hosting on a shared system is like. It's much less of a security problem than running all Apache processes as root.

    What do you mean by 'Kernel 3'? Are you trying to say Red Hat Enterprise 3? If you're running a Linux server, you can probably type 'uname -a' to find out what kernel you're running. Always keep your kernel up to date... it's not that hard.

    Yes, I did read something here about people bypassing safe mode by using a php.ini file in their directories... and I suppose the same commands in an htaccess file would work as well (if you have that enabled). Search this forum to find the thread where this was discussed.
     
  3. s_2_s

    For the kernel exploit, I only heard from a client on my server that he can exploit the latest kernel and crash it <<<<< not verified

    For the safe mode bypass, this is what I'm talking about: people on my server could bypass the safe mode protection, and they showed me proof that they can read each and every PHP/CGI source file; however, I disabled all dangerous commands (exe, system, exec_shell and everything I was advised to disable). In addition, all compilers are disabled, and serious commands (wget, c*, gcc*, all of these and more) can only work under root, but they are still able to bypass the hell out of safe mode and all the disabled services. [I'm sure that I really know how to disable safe mode, and I tested that by uploading phpshell and telnet, and I verified that I myself cannot run any command in phpshell due to safe mode and the disabled services.] I understand that /etc/passwd and httpd.conf are world readable, but when I disable all those PHP services and turn safe mode on, then they can't run the commands to view them at least.
     
  4. dezignguy

    The latest kernel for RHEL3 is 2.4.21-20.0.1 - is that what you're running?
    If he can indeed crash it, he should report the bug so it can be fixed. But I think you must be running an older (and insecure) kernel that has already been fixed.

    There was a thread around here somewhere discussing all that, about turning off safe mode with php.ini and how to stop it... search for it to find the thread. Maybe you'll get some ideas there.
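
On the question above of how to tell which .htaccess is trying to turn safe mode off, and the php.ini overrides mentioned in the replies, here is an added example (not part of the original posts, and not cPanel's own tooling) that sweeps account directories for per-directory overrides. The watched directive list, the function names and the sample tree are assumptions; whether a given override takes effect depends on the PHP version and handler, so hits are candidates for review.

```python
import os
import re
import tempfile

# Directives that relax PHP restrictions when set per directory (assumed watch list).
WATCHED = ("safe_mode", "open_basedir", "disable_functions")
# .htaccess (mod_php): php_flag/php_value <name> <value>; php.ini: <name> = <value>
HTACCESS_RE = re.compile(
    r"^\s*php_(?:admin_)?(?:flag|value)\s+(%s)\b\s*(.*)$" % "|".join(WATCHED), re.I)
INI_RE = re.compile(r"^\s*(%s)\s*=\s*(.*)$" % "|".join(WATCHED), re.I)

def scan_overrides(root):
    """Return sorted (path, line_no, directive, value) for every per-directory
    .htaccess or php.ini under root that sets a watched PHP directive."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            pattern = {".htaccess": HTACCESS_RE, "php.ini": INI_RE}.get(name.lower())
            if pattern is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        m = pattern.match(line)  # comment lines (# or ;) never match
                        if m:
                            hits.append((path, no, m.group(1).lower(), m.group(2).strip()))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)

def build_sample_tree():
    """Constructed sample: two fake accounts under a temporary /home-like root."""
    root = tempfile.mkdtemp(prefix="home-sample-")
    files = {
        "alice/public_html/.htaccess": "RewriteEngine On\n# php_flag safe_mode off\n",
        "bob/public_html/.htaccess": "Options -Indexes\nphp_flag safe_mode Off\n",
        "bob/public_html/app/php.ini": "; local settings\nsafe_mode = Off\ndisable_functions =\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for path, no, directive, value in scan_overrides(build_sample_tree()):
        print(f"{path}:{no}: {directive} -> {value!r}")
```

Pointing `scan_overrides` at the real account root instead of the sample tree lists each file and line to review; an empty value for `disable_functions` means the per-directory file clears the list.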
     
  5. s_2_s

    I'm running kernel version 2.4.20-31.9.

    The kernel version is not the problem.
    I just wanted to report to all mates that they are not safe with safe mode on and the dangerous PHP services disabled. I did all that, and people could still bypass it somehow, in a way still unknown to me. That's all.
    I did many searches on the forum and can't see the thread talking about how to prevent users from bypassing safe mode protection, not here and not in the EV1 forums :-/ I would appreciate it if anyone could paste the link to the thread, please.
     