Harden Cpanel kernel

Published by

Posted on June 28, 2017


If you enable both of the SymLinksIfOwnerMatch and FollowSymLinks configuration settings, Apache becomes vulnerable to a race condition through symlinks. This symlink vulnerability allows a malicious user to serve files from anywhere on a server that strict OS-level permissions do not protect. The cPanel Hardened Kernel update provides Symlink Race Condition Protection.

Additional information

This document explains how to implement symlink race condition protection on systems that run EasyApache 4.