Στις 3/7/2013 8:23 μμ, ο/η Chris Angelico έγραψε:
What are the file permissions (file modes) on all your home
directories? Do you know what they mean?
root@nikos [~]# ls -al /home
total 88
drwx--x--x 22 root root 4096 Jul 3 20:03 ./
drwxr-xr-x 22 root root 4096 Jun 12 01:21 ../
drwx--x--x 14 akis akis 4096 Apr 5 22:21 akis/
same with others just +x for group and others.
Does that mean you can easily i.e. 'cd /home/akis/' accessing their home
directories?
Yes.
You can cd to the other users home directories but you wont be able to
view their files because of the lack of +r attribute.
But i'll remove it just in case by:
chmod go-x -R /home/whatever_username
Yes they do, but cPanel offers some protection against these kind of
methods
called "CPHulk" so it wont be easy!
Neat. Now I know how to lock you out of your own account. Five seconds
with Google brought this up:
http://docs.cpanel.net/twiki/bin/view/11_30/WHMDocs/CPHulk
Can you, by reading that page, tell me what I would have to do to stop
you from accessing your login?
yes constantly ping my server by faking you ip address as my ip address
so to force CPHulk to refuse to let me login.
Of course the same page provides a means of how to unlock myself in case
that happens.
Also, CPHulk does not appear to have _any_ protection against
privilege escalation. It's a completely different thing.
Yes, it does not. Its mostly a way to block nmap requests of pinging and
identifying of services running on the server itself.
--
What is now proved was at first only imagined!
--
http://mail.python.org/mailman/listinfo/python-list
