Symptoms

On CloudLinux installations, a shared hosting user can create hard links to any file on a node. Some automatic provisioning activities performed by Odin Automation Premium involve adjusting permissions and ownership on the filesystem of a shared hosting node. By creating a hard link to a critical system file owned by root, a malicious shared hosting user could trick Odin Automation into transferring the file's ownership to that user, and then gain root access to the node by modifying the file.

Resolution

The issue is fixed in CentOS 7 and Cloud Linux 6. The solution for these distributions is described in the appropriate article.

For Cloud Linux 5, apply the following solution:

For an NG clustered environment:

  1. Review the web servers included in the web cluster and identify the number of Cloud Linux 5 based nodes.
  2. Add the same number of Cloud Linux 6 based hosts to keep the capacity of the cluster. Use the provider's guide as a reference.
  3. Remove the Cloud Linux 5 hosts from the cluster.
  4. For each Cloud Linux 6 server, apply the resolution from the appropriate article.

NOTE: As a result of the migration, the symptoms of #POA-104736 will occur. Follow the corresponding KB article to fix them.

For an NG standalone server:

The only possible solution is to switch Cloud Linux 5 to the hybrid kernel.

  1. Perform the switch to the hybrid kernel:

    # yum update rhn-setup
    # /usr/sbin/normal-to-hybrid
    # reboot 
    

    Ensure that the loaded kernel version is 2.6.32 (instead of the non-hybrid kernel 2.6.18).

  2. Add the following lines to the /etc/sysctl.conf file:

    fs.protected_symlinks_create = 1
    fs.protected_hardlinks_create = 1
    
  3. Apply the settings by executing:

    # sysctl -p
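
A post-change check for the standalone procedure above, added here as an example (not Odin's or CloudLinux's own tooling): it confirms that the kernel release is 2.6.32 and that both settings are 1 in the sysctl configuration file and in the running kernel. The function names and the --live switch are hypothetical, and it assumes the two keys are exposed under /proc/sys/fs/ the way sysctl keys normally are.

```shell
#!/bin/sh
# Added example (hypothetical names): post-change check for Cloud Linux 5.
# conf_value FILE KEY: print the effective (last) value of KEY in a
# sysctl.conf-style file, ignoring comments and surrounding whitespace.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v    # a later entry overrides an earlier one
        }
        END { if (val != "") print val }' "$1"
}

# kernel_is_hybrid RELEASE: succeed only for a 2.6.32 release string.
kernel_is_hybrid() {
    case "$1" in
        2.6.32|2.6.32[-.]*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_hardening RELEASE CONF [PROC_ROOT]: report each check and return
# non-zero if the kernel or either setting is not as the procedure requires.
check_hardening() {
    release=$1 conf=$2 proc=${3:-/proc/sys} rc=0
    if kernel_is_hybrid "$release"; then
        echo "OK   kernel $release"
    else
        echo "FAIL kernel $release is not 2.6.32"; rc=1
    fi
    for key in fs.protected_symlinks_create fs.protected_hardlinks_create; do
        persisted=$(conf_value "$conf" "$key")
        # Assumption: the key is exposed under PROC_ROOT with dots as slashes.
        live=$(cat "$proc/$(echo "$key" | tr . /)" 2>/dev/null || echo missing)
        if [ "$persisted" = 1 ] && [ "$live" = 1 ]; then
            echo "OK   $key"
        else
            echo "FAIL $key sysctl.conf=${persisted:-unset} live=$live"; rc=1
        fi
    done
    return $rc
}

# Run against the local node only when asked to.
if [ "${1:-}" = "--live" ]; then
    check_hardening "$(uname -r)" /etc/sysctl.conf
fi
```

A FAIL on the sysctl.conf value with an OK live value means the setting will be lost on the next reboot; the reverse means `sysctl -p` has not been applied yet.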
    
