  #1  
17th July 2008, 00:57
CubAfull
Security risk with suphp? -> ISPConfig?

Hello people
First, I want to give thanks to the developers and the entire community for this excellent control panel and for all their work.

(The problem).
I satisfactorily installed ISPConfig 2.2.24 + RAID1 + suPHP 0.6.3 on Debian Etch following the perfect setup, and want to say that everything is working perfectly.
My problem is: if I run this script, phpfilemanager (http://phpfm.sourceforge.net/), on my site, for example http://www.mysite.com/phpfilemanager.php, the script immediately changes the CHMOD of the folder webx/web from 755 to 777. suPHP immediately starts to show errors because the folder is writable by other users, and the page goes to a 500 error. This happens without any action inside the script, just by typing the address in the browser and loading the script.

I don't have the error described in the following post with suPHP 0.6.3:
http://www.howtoforge.com/forums/sho...220#post130220

I think that this is a serious security risk. Does anyone know how to solve this problem?

Thanks for your time and work.

CUBA. Sorry for my English

Last edited by CubAfull; 17th July 2008 at 04:46.
  #2  
17th July 2008, 08:04
Hans

This has nothing to do with ISPConfig or suPHP.

Within the Configuration section within the index.php file, which comes with PHP File Manager, you see a line like: @chmod($dir_atual,0777);

So that's the reason that PHP File Manager changed everything to chmod 777, which is insecure!

To solve your problem, you should change the line @chmod($dir_atual,0777); into @chmod($dir_atual,0755);
__________________
Hans

MrHostman | Master in managed hosting
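
A defender-side check for the situation in this thread, as an added example that is not part of either post: it finds PHP files whose chmod() call uses a literal mode granting write access to others, lists directories already left writable by others, and resets them to the 0755 suggested in post #2. The sample tree, the file name fixed.php and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. The sample tree is constructed.

# Print PHP source lines that call chmod() with a literal octal mode whose
# last digit sets the "others write" bit (2, 3, 6 or 7), e.g. 0777 or 0666.
risky_chmod_calls() {
    find "$1" -type f -name '*.php' -exec \
        grep -nE 'chmod[[:space:]]*\([^)]*,[[:space:]]*0[0-7]{0,2}[2367][[:space:]]*\)' /dev/null {} +
}

# Print directories writable by others: the state suPHP rejected in post #1.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Reset those directories to 0755, the mode suggested in post #2.
repair_dirs() {
    find "$1" -type d -perm -0002 -exec chmod 0755 {} +
}

# Build a constructed sample docroot: one script with the 0777 call from the
# thread, one with the corrected 0755 call, and a web/ directory left at 0777.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/web/uploads"
    printf '%s\n' '<?php' '@chmod($dir_atual,0777);' > "$root/web/phpfilemanager.php"
    printf '%s\n' '<?php' '@chmod($dir_atual,0755);' > "$root/web/fixed.php"
    chmod 0755 "$root/web/uploads"
    chmod 0777 "$root/web"
    printf '%s\n' "$root"
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "chmod calls granting write to others:"; risky_chmod_calls "$tree"
    echo "directories writable by others:";       world_writable_dirs "$tree"
    repair_dirs "$tree"
    echo "after repair: $(world_writable_dirs "$tree" | wc -l) remaining"
    rm -rf "$tree"
}
demo
```

Resetting the directory mode alone does not last: the next request to a script that still contains the 0777 call sets it back, so the source line has to be changed as well.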