cPanel File Manager have to much access (bug?)
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Grygory
  2. Thursday, 16 March 2017
  3.  Subscribe via email
Hello cloudlinux team,
i noticed cPanel "File Manager" working not in cage and support symlinks following, it allows normal cpanel user upload own symlink pointed to some file (for example /etc/passwd) or directory at server with global readable permissions and read it, also user can just put some files in writeable directory to run out all inodes at partition. Also i noticed cpanel user can just write into own "etc/website_folder/passwd and shadow" for create new mailboxes avoiding plan limits. Please explain it bugs or just missconfiguration?
Rate this post:
  1. 16.03.2017 20:03:19
  2. # 1
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
Hello,

cPanel features like file manager or webmails are workign with own services. They are not entering CageFS at all. The solution for symlink creation issue is to enable Link Traversal Protection: http://docs.cloudlinux.com/index.html?link_traversal_protection.html
  1. 17.03.2017 20:03:38
  2. # 2
Grygory Accepted Answer
Posts: 0
Joined: 23.08.2019
0
Votes
Undo
Hello,

cPanel features like file manager or webmails are workign with own services. They are not entering CageFS at all. The solution for symlink creation issue is to enable Link Traversal Protection: http://docs.cloudlinux.com/index.html?link_traversal_protection.html

Thank you for recommendation, but what about ability create mailboxes by write directly in user "etc/website folder/passwd and shadow" files avoiding cPanel tarif plan limits?
  1. 17.03.2017 20:03:33
  2. # 3
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
I am not sure I understand.. could you please provide me with a steps needs to be done to reproduce possible issue?
  1. 19.03.2017 15:03:39
  2. # 4
Grygory Accepted Answer
Posts: 0
Joined: 23.08.2019
0
Votes
Undo
I am not sure I understand.. could you please provide me with a steps needs to be done to reproduce possible issue?


1) Have cPanel account with limited mailbox count.
http://meson.ad-l.ink/7RsVdMNwb/image.png

2) Edit files "etc/domainname/passwd" and "etc/domainname/shadow" with cPanel File Manager to add new mail account.
http://meson.ad-l.ink/6sSbg45NK/image.png
This files have permissions 640 with owner acountname:mail to give dovecot ability read it. After save edited files group permissions will be dropped and dovecot unable access them, to give him access again we can set red permissions for all.
http://meson.ad-l.ink/8rLHfq9yD/image.png

3) Use new accounts do not care about limits and warning.
http://meson.ad-l.ink/6WR2lWZc5/image.png
  1. 20.03.2017 14:03:02
  2. # 5
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
Hello,

I was able to reproduce the issue, however I worry we from CloudLinux side could not fix it. This all is handled by cPanel functionality, and it should be reported to cPanel team. Better to create support ticket with with them, or write to their forum.

Thank you.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.