Solved

symbolic links fright

Posted on 2009-05-14
6
450 Views
Last Modified: 2013-11-30
Hello

the cpanel allow to manage symbolic link via fiale manager edit, show content , extract files content symbolic links files ... etc

this can cause hacking , I hope to some one help to disallow all operations on symbolic links in cpanel and make symbolic links files as files disabled or not allow

thank you very much
0
Comment
Question by:xserverx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 43

Expert Comment

by:ravenpl
ID: 24392851
I don't know the cpanel, but You can disable symlinks with .htaccess

Options -AllowSymLinks

the downside is the mod_rewrite requires it - will stop working if symlinks are disabled.
0
 
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 24392913
I think you need to readup on SElinux policies to pull this off.
And deny certain things to be done.
See more:
http://en.wikipedia.org/wiki/Selinux
0
 

Author Comment

by:xserverx
ID: 24397241
ravenpl: mod_rewrite work behind Options -AllowSymLinks

SElinux : dowsn't work with cpanel

help please :(
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 43

Expert Comment

by:ravenpl
ID: 24398938
> ravenpl: mod_rewrite work behind Options -AllowSymLinks
It's required by mod rewrite used in .htaccess

Anyway, what You expect - apache to ignore symlinks, or Linux to disable creation of symlinks?
0
 

Author Comment

by:xserverx
ID: 24400373
I think you are talking about FllowSymLinks not AllowSymLinks
the mod rewrite work without FllowSymLinks

in Linux anyone can create symbolic links to specifics files from their computer then compress as tar.gz , from cpanel its possible to extract this archive so symbolic link work fine in cpanel he can edit the target file via file manager editor and download the file ... etc (cpanel doesn't work behind apache for we can stop this matter with Options -FllowSymLinks ).

what is the solution here , is it possible for example to reconfigure cpsrvd for control symbolic links , or what can we doing to stop this ?


0
 

Author Closing Comment

by:xserverx
ID: 31581525
thank you
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
can i read my emails on lamp ftp 4 65
Zultys IP phone on home network 19 52
DB2 9.7 Grant Execute SP 4 50
Bash script to include windows servers 13 32
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Suggested Courses

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question