Henry Bonath <[email protected]> wrote: > Hello Misc, > > I had thought that I had configured the looking glass correctly per the man > page, > I have everything else working correctly, with custom header and footer > with CSS and all works great. > Whenever I attempt to ping/traceroute from the webpage, it simlpy reports: > "failed." > > Here is what permissions look like: (set to 4555, per the man page) > # ls -l /var/www/bin > total 3584 > -r-xr-xr-x 1 root bin 336016 Apr 13 16:35 bgpctl > -r-sr-xr-x 2 www bin 366536 Apr 13 16:35 ping > -r-sr-xr-x 2 www bin 366536 Apr 13 16:35 ping6 > -r-sr-xr-x 2 www bin 325320 Apr 13 16:35 traceroute > -r-sr-xr-x 2 www bin 325320 Apr 13 16:35 traceroute6 > > OpenBSD version is 6.5 amd64. > > Is there anything I am missing that I would need to do in order to make > this work?
Those setuid binaries require a filesystem which is mounted correctly. Cannot have the options "noexec, nosuid" btw, those setuid binaries are heavily priv-drop. But to avoid having the entire filesystem outside of this dir open, you could consider making just this directory it's own mini filesystem, it's just an extra bit of containment.
