
FollowSymLinks and SymLinksIfOwnerMatch for single user

Discussion in 'Security' started by durangod, Jan 4, 2017.

  1. durangod

    durangod Well-Known Member

    So as I understand this, and I hope I am correct: if I am the only user on the server, then regardless of how I have these configured (both on, both off, one on, one off), it really does not matter other than for script execution needs.

    What I mean is that right now I have them both enabled; I also have mod_ruid2 and jailshell enabled. However, I still get the warning from the Security Advisor that I do not have protection from this exploit.

    I have updated my kernel and rebooted the server.

    ----------------------
    Kernel does not support the prevention of symlink ownership attacks. You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review the documentation to learn how to apply this protection.
    ------------------------

    However, in the documentation it tells me that one option is to use EXPERIMENTAL mod_ruid2 with jailshell. So I really should not be getting that notice at all.

    However, to my original topic here: since I am the only user, then it really does not matter, is that correct?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The updated symlink protection document for EasyApache 4 is available at:

    Symlink Race Condition Protection - EasyApache 4 - cPanel Documentation

    Per this document:

    A kernel-level solution, such as the cPanel-hardened kernel, is recommended even if you are the only user on the system. It adds an additional level of protection in the event access to your account is obtained through an exploit in a script that's utilized by your website.

    Thank you.
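
The advisor text quoted in the first post contrasts kernel-level protection with "solutions employed in userland". As an added example (not part of the thread and not cPanel or Apache code), the sketch below shows why a name-based owner check in userland leaves a check-then-use gap, next to a variant that decides on the descriptor it actually opened. The function names and the sample file layout are hypothetical and constructed for the demonstration.

```python
import os
import stat
import tempfile

def check_then_open(path):
    """Userland pattern: compare link and target owner by name, then open by name."""
    link_uid = os.lstat(path).st_uid      # owner of the link itself
    target_uid = os.stat(path).st_uid     # owner of whatever the name resolves to now
    if link_uid != target_uid:
        raise PermissionError("owner mismatch")
    # Gap: the name can be re-pointed after the check and before this open,
    # so the file opened here is not necessarily the file that was checked.
    return os.open(path, os.O_RDONLY)

def open_then_verify(path, expected_uid):
    """Open first, then decide on the descriptor, which cannot be re-pointed."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)                 # describes the object actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError("opened file is not owned by the site user")
        return fd
    except Exception:
        os.close(fd)
        raise

def demo():
    """Constructed sample: a file and a symlink to it in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "index.html")
        link = os.path.join(root, "link.html")
        with open(target, "w") as fh:
            fh.write("hello")
        os.symlink(target, link)
        fd = open_then_verify(link, os.geteuid())
        results["same_owner"] = os.read(fd, 16)
        os.close(fd)
        try:
            # Assumption for the demo: pretend the site user is a different uid.
            os.close(open_then_verify(link, os.geteuid() + 1))
            results["other_owner"] = "opened"
        except PermissionError:
            results["other_owner"] = "refused"
    return results

if __name__ == "__main__":
    print(demo())
```

The second function only covers code you control; it does not change how the web server itself resolves paths, which is the case the kernel-level recommendation in the reply above addresses.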
     
  3. durangod

    durangod Well-Known Member

    OK, thanks. Not sure that I really understand your answer, but thanks for the reply.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I'm happy to help answer any additional questions you might have. Would you mind providing some additional details or an example of a scenario that concerns you?

    Thank you.
     
