Beta: CloudLinux 7 kernel updated

I am really happy to announce a new Kernel release that thoroughly addresses the issues associated with the ptrace_may_access function. As you may know, the latter is used to verify permissions throughout the whole kernel code (for example, in procfs).

With the release of this new patch, the ClouldLinux Team became able to unlink the ptrace-related verifications from its other counterparts. Now, ptrace does not depend on hidepid or any other verifications as the new CloudLinux Kernel patch provides additional verifications for procfs.

This new patch also resolves the conflict of running/killing the ptrace function and accessing user processes by means of procfs (provided that the hidepid=1 or hidepid=2 function is running). Another important thing about the CLKRN-250 is that it uses fsuid when accessing any file system objects (including /proc) - this eliminates the opportunity of an unauthorized access owing to ptrace verifications. 

Changelog:

kernel 3.10.0-714.10.2.lve1.5.16

To install a new kernel, please use the following command:

CloudLinux 7:

yum clean all --enablerepo=cloudlinux-updates-testing && yum install kernel-3.10.0-714.10.2.lve1.5.16.el7 --enablerepo=cloudlinux-updates-testing

CloudLinux 6 Hybrid:

yum clean all --enablerepo=cloudlinux-updates-testing,cloudlinux-hybrid-testing && yum install kernel-3.10.0-714.10.2.lve1.5.16.el6h --enablerepo=cloudlinux-updates-testing,cloudlinux-hybrid-testing