Need advice on: symlink race condition vulnerability


Well-Known Member
Apr 16, 2019
cPanel Access Level
Root Administrator

Yesterday I bought a VPS plan with cPanel on CentOS 7 64-bit.
Today, I tried to apply the KernelCare patch to address the "symlink race condition vulnerability".
This is advised by cPanel here:

The problem is that the CentOS version is using the latest kernel.
And the patch for that version is not yet available.
This is normal as the patch is only released after several days (or weeks, I guess).

But I have to set up this server to host 12 websites, each in its own individual cPanel account.
The websites will be CMSs: 8 WordPress, 2 PrestaShop, 2 OpenCart

So, can someone please advise?
What would you do if you were in my position?

Feel free to consider:
- suPHP or DSO
- permissions: 755 and 644, or 750 and 640
- htaccess
- PHP.ini
- whatever you feel makes sense


Product Owner II
Staff member
Nov 14, 2017
The symlink protection patch is fine to add when they support the version. They have around a week's delay or so between when the kernel is released and when they provide support for it (give or take a bit depending on issues they come across). I believe they're looking at next week for support of the new kernel.

For server configuration I like using lsphp - ea-apache24-mod_lsapi - standard permissions. I'm not sure what you're asking about .htaccess and php.ini. We offer some suggestions for security here: Recommended Security Settings | cPanel & WHM Documentation