The Community Forums


New security advisor for symlink ownership attacks

Discussion in 'Security' started by airaid, Oct 12, 2016.

  1. airaid

    airaid Member

    I'm getting a new oddly worded security advisor which references documentation but doesn't actually link to any docs. I have no idea what it's referring to so can someone point me to the docs please? The security advisor:

    Kernel does not support the prevention of symlink ownership attacks.

    You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protect beyond those solutions employed in userland. Please review the following documentation to learn how to apply this protection.

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Internal case CPANEL-9233 is open to improve the warning message when Security Advisor detects a lack of kernel support for symlink protection. The document you can reference for the symlink race condition itself is found at:

    Symlink Race Condition Protection - EasyApache - cPanel Documentation

    In addition, the following document provides information about the cPanel-provided kernel:

    How to Harden Your cPanel System's Kernel - cPanel Knowledge Base - cPanel Documentation

    I'll update this thread again once a resolution for CPANEL-9233 is published. Technical information about how this assessor looks for kernel-level symlink protection is available at:

    addon_securityadvisor/Symlinks.pm at master · CpanelInc/addon_securityadvisor · GitHub

    Thank you.

    Update: The resolution to this issue was published to cPanel version 60, and the message is updated to look like this:

    Thanks!
     