10-21-2013, 09:32 AM #1Temporarily Suspended
- Join Date
- May 2013
cPanel account restore - possible security risk
I am not sure if it is already discussed. But I feel this should be fixed asap ( must of simple for cPanel guys ).
Today I have been playing with my test cPanel server. I thought to have some look into the reseller settings today and I found a serious anomaly while my works. On now..what it is…
I know very rarely we need the “All Features (warning: total and complete access)” privilege granted for a reseller. Because that privilege will give root level access to the reseller on the server, which is not allowed. So generally no-one with a root level WHM access is not able to create a reseller with all privileges. So it is obvious that anyone with root privilege ( like VPS owners ) can create “all privilege” reseller. Now what happened when we restore such a reseller to a server? What changes does it make compared to a normal user or a reseller without any privilege? So far I couldn’t find any. I couldn’t find any specific messages or difference in restore process for a normal user, reseller without “all” privilege” or with “all” privilege. I could find common message only with any of them ( in fact the admins I found don’t worry about the restore messages until they find any specific error while restoration ).
Last edited by bear; 10-21-2013 at 11:04 AM.
10-21-2013, 12:47 PM #2Problem Solver
- Join Date
- Mar 2003
- California USA
This is a well known issue. This has been known for years and any admin who works with cpanel servers needs to know this.
First off, restoring an untrusted backup without investigating it is a horrible idea, there is multiple ways you can compromise a server with it. They are building an untrusted backup restore system.
Second, you should always restore with --skipres to keep that 'all' feature from being added.
[email protected] [/home]# /scripts/restorepkg
warn [restorepkg] Missing or invalid argument
restorepkg [--force] [--skipres] [--override] [--ip=(y|n|Custom IP)] -- [cpuser|/path/to/cpuser-file]
To specify a dedicated IP for a restored account, the "--ip" option requires an argument of "y" for yes,
or "n" for no. Additionally, an IP argument may be specified to set the desired dedicated IP.
Security Note: The Backup Restoration System is not designed to handle untrusted data.
There are a variety of ways a malicious user can add or escalate privileges
to an account backup package. cPanel, Inc. strongly recommends that you
do not restore data from anyone you would not trust with root access
to the server.
cPanel, Inc. is designing a restoration system that is intended to work with
For more information, please see: http://go.cpanel.net/insecurerestoreaccount
If you choose to ignore this warning, you should use --skipres to minimize the risk.
[email protected] [/home]#
Steven Ciaburri | Proactive Linux Server Management - Rack911.com
Managed Servers (AS62710), Server Management, and Security Auditing.
10-21-2013, 10:52 PM #3Temporarily Suspended
- Join Date
- May 2013
Thank you very much for the reply Steven. But I see most people are not very careful doing restore, especially doing bulk account restore. Also skip reseller priv option is not available from WHM where most medium techie / sales level people use front-end to restore accounts. And it is very interseting to know that this is being here as a known issue for a few months. Anyway glad to hear that cPanel is working on it.
By monitor2000com in forum Dedicated ServerReplies: 12Last Post: 11-30-2009, 05:41 AM
By gcorpz in forum Employment / Job OffersReplies: 1Last Post: 05-18-2006, 10:15 AM
By nogi in forum Hosting Software and Control PanelsReplies: 15Last Post: 02-21-2003, 10:31 PM
By iago in forum Hosting Security and TechnologyReplies: 16Last Post: 12-26-2002, 07:34 PM
By Aplusmedia in forum Hosting Security and TechnologyReplies: 3Last Post: 10-13-2002, 05:02 PM