If you’ve been following the tech news of late, you’ll have heard about a serious vulnerability in the Linux kernel that could allow an attacker to gain root access. The media has treated the story with its usual restraint: headlines abound about the vulnerability of millions of servers and Android phones. I’d like to take a more level-headed look at the vulnerability and the impact it might have on web hosting clients.
The Linux kernel is the heart of what’s colloquially called the Linux operating system. It’s the “bottom layer” that communicates directly with the hardware of the machine. Everything else that makes up a Linux distribution — services, applications, the graphical user interface — runs on top of the kernel and communicates with the hardware via the kernel. As some will tell you, Linux is the kernel: everything else is layers of other software, most notably from the GNU project.
There has been a flaw in the Linux kernel since version 3.8 — released in 2013 — that could potentially allow an attacker to elevate their privilege from an ordinary user to the root user. The root user has complete control over a Linux-based server, and can do anything from installing software to deleting the whole OS.
The vulnerability was in the OS keyring, which handles the storage of encryption keys and authentication tokens within the kernel. Technically, it is a use-after-free vulnerability: the kernel could go on using memory that belonged to a keyring after that memory had been freed, allowing an attacker to insert code into that memory, with unpleasant effects.
As a web hosting user, is this something you have to worry about?
The first thing to note is that in most cases, a malicious user will need local non-root access to a server to leverage this vulnerability. They need to be able to log in to an account on the server, or persuade someone to install malware. That minimizes the risk for web hosting clients, assuming they don’t give out accounts on their server to untrustworthy people. Users of shared hosting are at more risk; users of virtual private servers and dedicated servers are at less risk.
The next thing to note is that almost all Linux distributions quickly released patches to fix the vulnerability. If your Linux server runs on Ubuntu, Red Hat, or CentOS, and has been updated to the most recent version, it is no longer vulnerable.
CentOS is the most popular distribution for web hosting providers, including Future Hosting. Servers running on CentOS 5 and CentOS 6 — based on the same versions of Red Hat Enterprise Linux — were never vulnerable, because they use a version of the kernel that was released before the offending code was added. Servers running CentOS 7 are vulnerable, but a patch has been released — update and the vulnerability will be fixed. Check out this post for more information.
Future Hosting clients were never at risk from this vulnerability because our hosting accounts are based on CentOS 6.
There’s no doubt that this was a serious and unfortunate vulnerability, but once it was discovered by Perception Point, the Linux kernel team were notified, and patches were released and pushed by the distributions quickly. So long as your server runs the most recent version of the kernel package for CentOS, your sites are safe.
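As an added example (not from the original article), the shell functions below triage a kernel release string against the range given above: kernels older than 3.8 never contained the flaw, and anything newer needs the distribution's fixed kernel running, not just installed. The function names, status strings and sample release strings are constructed for illustration, and the check assumes a new kernel only takes effect after a reboot (no live patching).

```shell
#!/bin/sh
# Added example: classify a kernel release (uname -r style) for the keyring flaw.
AFFECTED_MAJOR=3   # from the article: the flawed code arrived in kernel 3.8
AFFECTED_MINOR=8

# in_affected_range RELEASE: 0 if RELEASE >= 3.8, 1 if older, 2 if unparseable.
in_affected_range() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}            # digits up to the next non-digit
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt "$AFFECTED_MAJOR" ] && return 0
    [ "$major" -eq "$AFFECTED_MAJOR" ] && [ "$minor" -ge "$AFFECTED_MINOR" ]
}

# keyring_triage RUNNING [NEWEST_INSTALLED]
#   RUNNING          release of the booted kernel (uname -r)
#   NEWEST_INSTALLED newest kernel on disk, supplied by the caller; a leading
#                    "kernel-" (package-style name) is stripped
keyring_triage() {
    running=$1
    newest=${2:-$1}
    newest=${newest#kernel-}
    rc=0
    in_affected_range "$running" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "unknown"
    elif [ "$rc" -ne 0 ]; then
        echo "not-affected"          # kernel predates the flawed code
    elif [ "$running" != "$newest" ]; then
        echo "reboot-needed"         # update is on disk, old kernel still booted
    else
        # Distributions backport fixes without changing the upstream version,
        # so the number alone cannot prove the fix: check the vendor advisory.
        echo "confirm-patch-level"
    fi
}

# Constructed sample inputs: "running|newest installed" pairs.
for pair in \
    "2.6.32-100.el6.x86_64|kernel-2.6.32-100.el6.x86_64" \
    "3.10.0-100.el7.x86_64|kernel-3.10.0-200.el7.x86_64" \
    "3.10.0-200.el7.x86_64|kernel-3.10.0-200.el7.x86_64"
do
    printf '%-24s %s\n' "${pair%%|*}" "$(keyring_triage "${pair%%|*}" "${pair#*|}")"
done
```

On a real server, pass the output of `uname -r` as the first argument and the newest installed kernel package as the second.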