/usr/local/cpanel/bin/rebuild_sprites can be run as capnel user?
Hello, I've noticed that the /usr/local/cpanel/bin/rebuild_sprites script does not require a user check, unlike the sprite_generator or the majority of other scripts in the folder, and may thus be executed by regular cpanel users.
Is this behavior intended? Are there any potential security risks?
Example:
The rebuild process is not CPU-intensive, but if a user runs it XXXXXXXXXXX times, and errors are generated, it can quickly fill du on /usr and potentially bring down the entire server due to writing in /usr/local/cpanel/logs/error_log
Please sign in to leave a comment.
Comments
0 comments