DCUA
Sep 21 2004, 05:29 AM
httpd.conf has 644 by default.
This means that any user can view this file from any (php, cgi) script.
Anybody knows how to make it unaccessible for users?
DCUA
Sep 21 2004, 05:32 PM
Try to run the following cgi, guys, on your cPanel server and get httpd.conf into your browser even if you have suexec installed:
*********************
open(MYINPUTFILE, "my(@lines) = ;
my($line);
foreach $line (@lines)
{
print "$line";
}
close(MYINPUTFILE);
*********************
640 will stop this but it'll broke the cPanel.
How can I prevent this?