
What is THIS?

Discussion in 'Security' started by DjiXas, Sep 11, 2010.

  1. DjiXas

    DjiXas Well-Known Member

    Feb 10, 2007
    When will this be fixed?????????????
  2. Davetha

    Davetha Member

    Jun 6, 2006
    Hi DjiXas,
    We reported this over a year ago to cPanel. I know a lot of scripts use FollowSymLinks, so what we ended up doing was writing a patch for Apache that forced FollowSymLinks to function the same as the SymLinksIfOwnerMatch option.

    Sites can be exploited very easily with FollowSymLinks enabled or unpatched.
    #2 Davetha, Sep 12, 2010
    Last edited: Sep 14, 2010
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Apr 7, 2006
    cPanel Access Level:
    Root Administrator
    As the Apache developers themselves note (core - Apache HTTP Server) symlink testing is prone to race conditions that allow the check to be circumvented. Specifically the behavior of SymLinksIfOwnerMatch should not be considered a security safeguard or measure.

    A surer safeguard is to put measures in place that reduce the amount of code that runs as the Apache user ('nobody' on a cPanel system). Things such as suPHP, suexec and so forth can help with this.

    In conjunction with reducing the use of the Apache user, having restrictive ownership and permissions on files and directories will reduce the target vector. Specifically, removing the need for Everyone to have access to files and directories in the user's home directory.
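The race cPanelKenneth refers to is a classic check-then-use (TOCTOU) gap: the server calls lstat() on a path, decides it is not a symlink (or that the owner matches), and then open()s the same path by name, at which point an attacker who controls the directory can have swapped in a symlink. The example below is added here to illustrate that point and is not code from this thread or from Apache or cPanel. It assumes a POSIX system (Linux or similar) and Python 3; the directory layout, file names and the `race_hook` callback that stands in for the attacker's timing are constructed for the demonstration. The hardened reader never trusts a path check: it opens every path component with O_NOFOLLOW relative to a directory fd and applies the owner check to the open fd via fstat(), so the decision is bound to the inode that was actually opened.

```python
import errno
import os
import stat
import tempfile


def read_lstat_then_open(path, race_hook=None):
    """The pattern the Apache docs warn about: lstat() the name, refuse
    symlinks, then open() the same name. Whoever changes what the name
    points to between the two calls wins. race_hook is a hypothetical
    stand-in for the attacker acting inside that window."""
    if stat.S_ISLNK(os.lstat(path).st_mode):
        raise PermissionError("symlink refused: %s" % path)
    if race_hook is not None:
        race_hook()  # attacker's turn: swap the name for a symlink
    with open(path, "rb") as f:
        return f.read()


def open_below(root_fd, relpath):
    """Open relpath beneath the directory root_fd without ever following a
    symlink. Each component is opened with O_NOFOLLOW relative to the
    previous directory fd (openat semantics), so there is no separate check
    to race; '..' is refused so the walk cannot leave the root."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("refusing path %r" % relpath)
    dir_flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_DIRECTORY
    fd = os.dup(root_fd)
    try:
        for comp in parts[:-1]:
            nxt = os.open(comp, dir_flags, dir_fd=fd)
            os.close(fd)
            fd = nxt
        return os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=fd)
    finally:
        os.close(fd)


def read_owned_file(root_fd, relpath, expected_uid):
    """Hardened read: race-free open, then the owner/type check done on the
    open fd with fstat(). This is the SymLinksIfOwnerMatch idea applied to
    the inode that was actually opened, not to a name that may change."""
    fd = open_below(root_fd, relpath)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != expected_uid:
            raise PermissionError("owner or type mismatch: %s" % relpath)
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def run_demo():
    """Constructed scenario: a docroot containing blog/page.html, a secret
    file outside the docroot, and an attacker who atomically replaces
    page.html with a symlink to the secret inside the race window.
    Returns what each reader produced so the outcome can be checked."""
    with tempfile.TemporaryDirectory() as top:
        docroot = os.path.join(top, "public_html")
        os.makedirs(os.path.join(docroot, "blog"))
        page = os.path.join(docroot, "blog", "page.html")
        secret = os.path.join(top, "secret.txt")  # outside the docroot
        with open(page, "wb") as f:
            f.write(b"public page\n")
        with open(secret, "wb") as f:
            f.write(b"SECRET\n")

        root_fd = os.open(docroot, os.O_RDONLY | os.O_DIRECTORY)
        try:
            # Before any attack the hardened reader serves the real file.
            clean = read_owned_file(root_fd, "blog/page.html", os.getuid())

            def swap_in_symlink():
                # rename() is atomic: the name never stops resolving, it
                # just starts resolving to the symlink.
                tmp = os.path.join(docroot, "blog", ".swap")
                os.symlink(secret, tmp)
                os.replace(tmp, page)

            # lstat() passed (regular file), then open() followed the link.
            leaked = read_lstat_then_open(page, race_hook=swap_in_symlink)

            # Same name, now a symlink: O_NOFOLLOW fails with ELOOP instead
            # of following it, even though the owner would have matched.
            try:
                read_owned_file(root_fd, "blog/page.html", os.getuid())
                refused = False
            except OSError as e:
                refused = e.errno == errno.ELOOP
        finally:
            os.close(root_fd)
        return {"clean": clean, "leaked": leaked, "hardened_refused": refused}


if __name__ == "__main__":
    print(run_demo())
```

The swap uses rename() rather than unlink()+symlink() because that is what a real attacker would do: the name never briefly disappears, so a reader that merely retries on ENOENT learns nothing. Note that O_NOFOLLOW only governs the final component of each open(), which is why `open_below` walks the path one component at a time with dir_fd; a single `os.open(path, O_NOFOLLOW)` would still follow a symlinked intermediate directory.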
