Do not add non-existing users to CageFS excludes (CageFS bypass)
CloudLinux by default installs /etc/cagefs/exclude/systemuserlist with usernames that do not exist in system. If client buys account named like one of those usernames (e.g. varnish) or reseller creates user named like one of those usernames, then that user will be outside CageFS with access to full user list and files outside CageFS. Tested on CloudLinux+DirectAdmin system. Task CAG-940. I was sent here from #64992.
First 3 ways to bypass CageFS reported by us were fixed by You, now email@example.com does not even answer (tried to report db_governor crash by unprivileged user from CageFS #64282) and You ask to publish 4th way to bypass CageFS here. What is going on?
And here i thought that CloudLinux is Quality Software.
AdminIvan Zhmud (Admin, Cloud Linux) commented
It was fixed in cagefs-6.1.9-2 and governor-mysql 1.2-46
Nice catch Zerg2k. Let us know how many $$$$ from bugbounty you gonna get for this.