cgi-telnet working by .htaccess

gvhdestek

Hello,
I have a big problem.

server
Redhat CentOS 5.0
directadmin version : 1.34.5
cgi-perl : deactive
safemod : on
mod security : on
disable_functions =popen, pclose, posix_getpwuid, posix_getgrgid, posix_kill, parse_perms, phpinfo, system, dl, passthru, exec, shell_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, mysql_list_dbs, get_current_user, getmyuid, pconnect, link, symlink, pcntl_exec, ini_alter, pfsockopen, leak, apache_child_terminate, posix_kill, posix_setpgid, posix_setsid, posix_setuid, proc_terminate, syslog, fpassthru, stream_select, socket_select, socket_create, socket_create_listen, socket_create_pair, socket_listen, socket_accept, socket_bind, socket_strerror, pcntl_fork, pcntl_signal, pcntl_waitpid, pcntl_wexitstatus, pcntl_wifexited, pcntl_wifsignaled, pcntl_wifstopped, pcntl_wstopsig, pcntl_wtermsig, openlog, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, virtual

But cgi-telnet works with .htaccess.
Can you help me?
 
Sure, that'll work. But it'll also disable everything Perl on the server not run by Apache.

So it's not a good idea.

Jeff
 
Offhand I'm not sure of the details, but I believe there are settings in the Apache configuration to disable it for Apache. You'll also have to change the Apache configuration so users can't override your settings.

Be sure to then restart Apache.

Do you also want to disable it from cronjob or command line? Then you should give it a unique group name; first add a group named perl:
Code:
# groupadd perl
Then change perl's group:
Code:
# chgrp perl /usr/bin/perl
Then change the perl permissions mask:
Code:
# chmod 754 /usr/bin/perl
Then add group perl to all the users who you want to be able to use perl.
(I leave that one up to you to look up.)

Jeff
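
An added example, not part of the thread and not DirectAdmin's own tooling: two read-only audit helpers for the measures described above. The function names, the directive patterns and the example path /home are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit helpers (hypothetical names), read-only, GNU find/grep/stat.

# List every .htaccess directive under directory $1 that can switch CGI
# execution on: "Options ExecCGI", "Options +ExecCGI", "Options All",
# or a cgi-script handler set with AddHandler/SetHandler.
# Output lines have the form path:line-number:directive, sorted by path.
# Commented-out directives and "Options -ExecCGI" are not reported.
find_cgi_htaccess() {
    find "$1" -type f -name .htaccess -exec grep -HniE \
        -e '^[[:space:]]*Options[[:space:]]+(.*[[:space:]])?\+?(ExecCGI|All)([[:space:]]|$)' \
        -e '^[[:space:]]*(Add|Set)Handler[[:space:]]+"?cgi-script' \
        {} + 2>/dev/null | sort
}

# Check the result of the chgrp/chmod steps: succeed only if file $1 belongs
# to group $2 and users outside owner and group have no execute bit.
# Mode 754 passes (other = r--); mode 755 fails (other = r-x).
interpreter_restricted() {
    ir_mode=$(stat -c %a "$1") || return 2
    ir_group=$(stat -c %G "$1") || return 2
    [ "$ir_group" = "$2" ] || return 1
    # The last octal digit holds the "other" permissions; odd means executable.
    case "${ir_mode#"${ir_mode%?}"}" in
        1|3|5|7) return 1 ;;
    esac
    return 0
}

# Example use (paths are assumptions):
#   find_cgi_htaccess /home
#   interpreter_restricted /usr/bin/perl perl && echo "perl is group-restricted"
```

Any line reported by `find_cgi_htaccess` means the Apache configuration still lets that user override the CGI settings from .htaccess.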
 
I completely agree with jlasman.

If you do not want to be hacked, you must do this on all DirectAdmin installs. If you don't, a hacker can hack your server with cgi-perl shells easily.
 