Need advice on: symlink race condition vulnerability

timesurfer

• May 01, 2020 13:23

Hi, Yesterday I bought a VPS plan with cPanel in CentOS 7 64 bit. Today, I tried to apply the KernelCare patch to address the "symlink race condition vulnerability". This is advised by cPanel here:

• 

  timesurfer

  • May 01, 2020 18:38

  One more thing: I am the only one managing those cPanel accounts. There will be NO shell access to them.

  0
• 

  timesurfer

  • May 01, 2020 19:04

  Would a per user /tmp be a solution? as someone sugested here at the end of the page?

  0
• 

  cPanelLauren

  • May 01, 2020 22:35

  The symlink protection patch is fine to add, when they support the version, they have around a week delay or so between when the kernel is released and when they provide support for it (give or take a bit depending on issues they come across) I believe they're looking at next week for support of the new kernel. For server configuration I like using lsphp - ea-apache24-mod_lsapi - standard permissions - I'm not sure what you're asking about .htaccess and php.ini - we offer some suggestions for security here: Recommended Security Settings | cPanel & WHM Documentation

  0
• 

  timesurfer

  • May 02, 2020 08:00

  Good news: the patch is already available. Must have been overnight. I've just finished installing it.

  0

Please sign in to leave a comment.