Apache symlink issue - vulnerable installations

Apache symlink issue - vulnerable installations (4 Replies, Read 2443 times)

random	February 3, 2013, 6:18 pm
Group: Member Post Group: Newbie Posts: 3 Status:	Hi, Unfortunately, a vulnerability in Apache web servers means that a hacker who has managed to gain access to an account on a shared server can then gain access to all the files in all the other accounts on that server. More info on this vulnerability can be found at http://forums.cpanel.net/f185/how-prevent-creating-symbolic-links-non-root-users-202242.html This vulnerability is being exploited by hackers to gain access to the configuration files of popular applications such as Wordpress and Joomla. One way to partially protect these applications is to change the permission given to their configuration files from 0644 to 0600. Would Softaculous be willing to add a function in the settings to make it so that a hosting company can decide that all the configuration files for all applications are always set with a permission of 0600 when the server is making use of SuPHP? This has already been implemented by one of your major competitor and would be an essential benefit from a security point of view. Failing to do so means that any installation set-up via Softaculous can be more easily compromised. Thanks Pascal
IP: --

Users viewing this topic
	1 guests, 0 users.