• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

"New Certificate" page will display saystem files when uploading symbolic link

2

21347

New Pleskian
Hi there,

because of a mistake on my side, I discovered something that I think is weird; I don't know however if it should be considered as a bug...

Here comes the "header":
=====================
PRODUCT, VERSION, MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
Plesk Panel 11.5.30 Update #51, Ubuntu 12.04.5 LTS, Kernel 2.6.32, x64

PROBLEM DESCRIPTION
SSL-Certificate Upload-Page will display some "system" files when uploading a symbolic link

STEPS TO REPRODUCE
1) Create a symbolic link "file" to an interesting system file, e.g. "/etc/passwd"
2) Got to Domains->Secure your Site->Add SSL-Certificate
3) Upload the file as Certificate and Private key
4) Ignore the complaint about wrong formatted PEM-File
5) Read the contents of "/etc/passwd" in the Textbox below

ACTUAL RESULT
System file is displayed on the web

EXPECTED RESULT
Error message saying "no symbolic links allowed"
=====================

Fortunately Plesk doesn't run as root, so most really important files should be safe.

As I said, I don't know if this is really problematic, however I still think is should be changed.

Thank you very much in advance,

Alex
 
You must log in or register to reply here.

Similar threads

B
Issue Default Page Certificate issue (no new cert)
Replies
1
Views
1K
Peter Debik
P
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
2K
Lenny
Lenny
burnley
Forwarded to devs Obsidian on CentOS 7: Plesk generates broken Dovecot configuration if client tries to secure email with invalid ssl certificate
Replies
1
Views
1K
IgorG
IgorG
B
  • Poll
Issue Force Let'sEncrypt extension to use DNS-01 authentication when issuing a new certificate
Replies
3
Views
4K
TomBoB
T
A
Issue My websites are crossing paths in either NGINX or DNS
Replies
0
Views
2K
andylehti
A
Back
Top