Results 1 to 4 of 4
  1. #1

    /etc/passwd and /etc

    Hi is normal that some user in the sistem can list files in /etc and /etc/password?

    Can you confirm if this is true:
    is normal that the server allow a user to list all users with php? This is part of a cPanel server, this is done by getting a list of the directories in /home/

    Is normal that a user with php can see all contenct of /etc?
    The contents of the /etc shouldn't be 100% viewable but yes some files will be viewable

    is normal that a user can check the /etc/passwd?
    All users must be able to access this file in order for the operating system to spawn shells

    I want to know if is safely that one user with php can read /etc/passwd an see al information that this file have

    Thanks, Daniel.

  2. #2
    Join Date
    Jul 2008
    Location
    Manitoba, Canada
    Posts
    122
    Enabling open_basedir should remedy this for you.
    Scott M. | RDS//Hosting
    Business Web Hosting Solutions Since 2004
    Personal, Semi-Dedicated Business, DirectAdmin Reseller Accounts
    http://www.rdshosting.net | PH. 1.877.442.7674

  3. #3
    Join Date
    Sep 2010
    Location
    Philadelphia
    Posts
    406
    Yes, /etc/passwd is world readable, it's really /etc/shadow that shouldn't be.
    Chris Rogers - crogers@inerail.net
    Inerail - Servers, Colocation, IP Transit
    Performance, Reliability, Security
    New York Philadelphia London Salt Lake City

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,873
    Perfectly normal and safe for users to be able to view /etc/passwd and most files under the /etc/ directory. As Chris pointed out, it's the /etc/shadow file that the users shouldn't be able to read - it's what contains the actual password hashes.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Free Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  5. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. Replies: 16
    Last Post: 10-22-2012, 01:46 AM
  2. Permission denied: /home/airtrade/etc/airtrade.com.tw/passwd passwd
    By mmanickaraj in forum Hosting Security and Technology
    Replies: 1
    Last Post: 07-20-2008, 02:17 PM
  3. /etc/passwd
    By HD Fanatic in forum Hosting Security and Technology
    Replies: 1
    Last Post: 03-04-2007, 07:40 PM
  4. etc/passwd
    By PresFox in forum Hosting Security and Technology
    Replies: 7
    Last Post: 06-23-2005, 03:31 PM
  5. /etc/passwd
    By jasonkw in forum Hosting Security and Technology
    Replies: 14
    Last Post: 06-25-2003, 11:12 AM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •