Henry Bonath <henry@thebonaths.com> wrote:
> Hello Misc,
>
> I had thought that I had configured the looking glass correctly per the man
> page,
> I have everything else working correctly, with custom header and footer
> with CSS and all works great.
> Whenever I attempt to ping/traceroute from the webpage, it simlpy reports:
> "failed."
>
> Here is what permissions look like: (set to 4555, per the man page)
> # ls -l /var/www/bin
> total 3584
> -r-xr-xr-x 1 root bin 336016 Apr 13 16:35 bgpctl
> -r-sr-xr-x 2 www bin 366536 Apr 13 16:35 ping
> -r-sr-xr-x 2 www bin 366536 Apr 13 16:35 ping6
> -r-sr-xr-x 2 www bin 325320 Apr 13 16:35 traceroute
> -r-sr-xr-x 2 www bin 325320 Apr 13 16:35 traceroute6
>
> OpenBSD version is 6.5 amd64.
>
> Is there anything I am missing that I would need to do in order to make
> this work?
Those setuid binaries require a filesystem which is mounted correctly.
Cannot have the options "noexec, nosuid"
btw, those setuid binaries are heavily priv-drop. But to avoid having
the entire filesystem outside of this dir open, you could consider
making just this directory it's own mini filesystem, it's just an
extra bit of containment.
No comments:
Post a Comment