Atomic Secure Linux

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]

 Post subject: running exec
Unread postPosted: Mon Jan 16, 2017 9:50 am 
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
I've recently set up a particular script and associated bits and bobs and eventually got it to work.

Then it hit me, hard, that it should NOT have worked. Or at least I don't think it should have.

I have a site running with php 5.6 (php-fpm mode)

In /httpdocs there's a file we'll call "file.fcgi" which has standard perms and owner (ftpuser) and contains:

Code:
#!/bin/sh
exec /opt/directory/somefile_cgi


/opt/directory/somefile_cgi is actually a perl script and is world executable.

And as I say, it works. Accessing domain.tld/file.fcgi causes the perl script to run.

How is this possible? I realise the somefile_cgi is world executable. But how is ftpuser able to run "exec"?
Shell access is disabled for this user. I've checked /etc/passwd and the shell is /bin/false for the particular ftpuser.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


 Post subject: Re: running exec
Unread postPosted: Tue Jan 17, 2017 9:27 am 
Forum Regular

Joined: Tue Aug 01, 2006 2:45 pm
Posts: 573
Location: Netherlands
Quote:
How is this possible? I realise the somefile_cgi is world executable. But how is ftpuser able to run "exec"?
Shell access is disabled for this user. I've checked /etc/passwd and the shell is /bin/false for the particular ftpuser.


This only prevents the user from being able to login to a shell. It does not forbid programs from running with the privileges of that user, if your system starts them.

You have configured your web server to start a program ("file.fcgi"), and it will run that program. This is what happens. If you want to prevent that from happening, just don't configure your web server to run this program! ;-)

_________________
Lemonbit Internet Dedicated Server Management


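An added example, not part of this thread or of anyone's actual setup, that demonstrates the point made in the reply above: a wrapper script is started by the kernel through its "#!" line, so the owner's login shell (the /etc/passwd field set to /bin/false) is never consulted, and "exec" is simply a builtin of the /bin/sh named in that line. The script builds a throwaway docroot with a constructed copy of the wrapper (all paths are temporary placeholders, not the original /httpdocs or /opt/directory), runs it, and then performs the check an administrator would actually want: listing every *.fcgi wrapper whose exec target points outside the docroot.

```shell
#!/bin/sh
# Added example (not from the forum thread). Shows that a "#!/bin/sh" wrapper
# runs regardless of the owning account's login shell, and audits a docroot
# for wrappers that exec something outside of it.
set -e

# Constructed sandbox: these stand in for /httpdocs and /opt/directory.
DOCROOT=$(mktemp -d)
TARGET_DIR=$(mktemp -d)
trap 'rm -rf "$DOCROOT" "$TARGET_DIR"' EXIT

# Stand-in for the world-executable "somefile_cgi": it just reports the
# uid it was run as, which is whatever account launched the wrapper.
cat > "$TARGET_DIR/somefile_cgi" <<'EOF'
#!/bin/sh
echo "ran as uid=$(id -u)"
EOF
chmod 755 "$TARGET_DIR/somefile_cgi"

# The wrapper from the thread, with the target path substituted in.
cat > "$DOCROOT/file.fcgi" <<EOF
#!/bin/sh
exec $TARGET_DIR/somefile_cgi
EOF
chmod 755 "$DOCROOT/file.fcgi"

# 1. Run the wrapper with SHELL pointing at /bin/false. Neither the SHELL
#    variable nor the /etc/passwd shell field is read by execve(); the kernel
#    starts the interpreter from the "#!" line, and that /bin/sh runs "exec".
#    A login shell of /bin/false only stops interactive logins.
run_wrapper() {
    SHELL=/bin/false "$DOCROOT/file.fcgi"
}

# 2. Audit: for every *.fcgi under a docroot, print "wrapper -> target" for
#    each exec target that is not located inside that docroot. The sed
#    pattern is POSIX (no \+) and only matches lines that begin with "exec".
audit_wrappers() {
    docroot=$1
    find "$docroot" -name '*.fcgi' -type f | while read -r f; do
        sed -n 's/^[[:space:]]*exec[[:space:]][[:space:]]*\([^[:space:]][^[:space:]]*\).*/\1/p' "$f" |
        while read -r target; do
            case "$target" in
                "$docroot"/*) ;;                 # inside the docroot: fine
                *) echo "$f -> $target" ;;       # outside: report it
            esac
        done
    done
}

# Stand-alone run: show the wrapper working, then the audit finding.
run_wrapper
audit_wrappers "$DOCROOT"
```

The audit only looks at wrappers of the form used in the thread (a bare "exec /path" line); it is a starting point for finding which handlers a web server has been told to run, which is the real control here, rather than the login shell of the file's owner.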
 Post subject: Re: running exec
Unread postPosted: Tue Jan 17, 2017 10:17 pm 
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Are you saying disallow fcgi file processing?

I'd have to remove /etc/httpd/conf.d/mod_fcgid.conf.
Won't that break .... lots of things?


