Cagefs + host and ping ?

**iseletsk** · 10-30-2013, 10:16 AM

ping has a suid bit, so has to be added as proxy command
host -- I don remember the reason we didn add it. I don think it would be an issue.

**clm** · 10-30-2013, 11:23 AM

Would I just add :

PING=/bin/ping

?

Im not sure what the variable names (PING) are forâ€¦

Also similar question, should /usr/bin/id be a proxy command or not ?

**iseletsk** · 10-30-2013, 11:33 AM

Yes, that is basically it. After that execute:
cagefsctl --force-update

So it would actually create /bin/ping inside cagefs.

]# ls -l /usr/bin/id
-rwxr-xr-x. 1 root root 28104 May 23 07:00 /usr/bin/id

no suid bit... programs without suid bit don need to be proxy commands.
Also, be careful with proxy. Proxy means: execute on real system. So, if you would add id command to proxy, hacker would be able to run dictionary attack:
id user1
id user2
id user3

to figure out which users exists.

**clm** · 10-30-2013, 08:22 PM

Thanks !

Cagefs + host and ping ?

Cagefs + host and ping ?

Comment

Comment

Comment

Comment