wget and upcp

Discussion in 'General Discussion' started by DN-Paul, Mar 19, 2005.

  1. DN-Paul

    DN-Paul Well-Known Member

    Quite a few people here chmod wget to something other than 755 to stop it being abused; this also breaks automated cPanel updates because it can't use wget (for updating CPAN etc).

    Is there any easy way around this short of creating a cron to run just before upcp which will enable wget, then create another to run after upcp to disable wget again (or add these commands to /scripts/upcp myself - but they'll get overwritten by updates, right?)?

    Why don't cPanel add a couple of extra lines to /scripts/upcp to check wget at the beginning and chmod it to whatever's needed, then at the end of upcp chmod it back to what it was?
     
  2. chirpy

    chirpy Well-Known Member

    If you simply chmod wget to 700 (instead of 000) you should not have a problem, as then only root can execute the binary (upcp runs under root and so can run it at will). You're still protected and upcp still runs unaffected.
     
  3. haze

    haze Well-Known Member

    I agree with chirpy, go 700 if anything other than default. Note there are other tools that can be used to grab files, such as perl's LWP GET, lynx, etc.

    You could indeed set up a crontab to run before UPCP which will chmod back from 000, then change it back with the postupcp script. That said, is there really any point to chmodding wget to 000? Think about it, if a user gains root access to your server, you've got bigger problems to worry about, and it would be a no-brainer for the attacker to change the permissions at that point.
     
  4. DN-Paul

    DN-Paul Well-Known Member

    I dunno, personally I have all of mine at 700. But some boxes I was working on the other day had theirs at 000, which is what prompted me to ask about cPanel checking these things before upcp runs, rather than spitting out errors about all mirrors being down.
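
The 755 / 700 / 000 distinction discussed in this thread, as an added example that is not from any of the posters or from cPanel: a small audit that reports who can execute wget and the other fetch tools mentioned above (lynx, LWP's GET). The function names and the directory list are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: report who can execute the fetch tools named in this thread.
# Function names and the directory list are illustrative assumptions.

# classify_mode OCTAL_MODE OWNER -> open | group | root-only | owner-only:USER | disabled
classify_mode() {
    m=$(printf '%s' "000$1" | tail -c 3)   # keep only the user/group/other digits
    u=${m%??}; o=${m#??}; g=${m#?}; g=${g%?}
    if [ $((o % 2)) -eq 1 ]; then
        echo open                # e.g. 755: any local user can run it
    elif [ $((g % 2)) -eq 1 ]; then
        echo group               # e.g. 750: owner and group members can run it
    elif [ $((u % 2)) -eq 1 ]; then
        # e.g. 700: owner only; upcp (running as root) still works if root owns it
        if [ "$2" = root ]; then echo root-only; else echo "owner-only:$2"; fi
    else
        echo disabled            # e.g. 000: no execute bit, so exec fails even for root
    fi
}

# audit_tool PATH -> classification of one binary (follows symlinks)
audit_tool() {
    info=$(stat -L -c '%a %U' "$1") || return 1
    classify_mode "${info% *}" "${info#* }"
}

# Walk fixed directories instead of using `command -v`, which skips
# files that have no execute bit and would hide the 000 case.
audit_fetch_tools() {
    for name in wget lynx GET; do
        for dir in /usr/bin /usr/local/bin /bin; do
            if [ -f "$dir/$name" ]; then
                printf '%s: %s\n' "$dir/$name" "$(audit_tool "$dir/$name")"
            fi
        done
    done
    return 0
}

audit_fetch_tools
```

A result of `disabled` for wget is the state that makes upcp report all mirrors as down; `open` for lynx or GET means locking wget alone leaves the other tools available to local users.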
     