0

I operate a small shared hosting area. While I notice that people are unable/struggle to exploit with PHP I have found a small minority of people using Perl in order to obtain server information.

So, to put it simply here is the question I would like to ask -

Is there a way to prevent Perl scripts from accessing certain system critical files such as named.conf /etc/passwd & others? Naturally suhosin/ suphp or php.ini does not protect against this when in a perl scenario.

Improve this question

1 Answer 1

Reset to default
5

chroot the users and/or Apache ( example 1 example 2, example 3 )

Improve this answer
2
  • I suggest chrooting both, as well as bind and any other public facing services. Commented May 9, 2011 at 2:16
  • Thanks for your response and I cannot agree more. Just one issue, I am running a cPanel/ LiteSpeed setup. While I am sure LiteSpeed will run within the chroot fine, cPanel not so much! Commented May 10, 2011 at 6:59

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.