Thanks Theo, that thought had briefly crossed my mind, and it looks like you are correct!
/dev/sd0e on /var type ffs (local, nodev, nosuid) I appreciate your quick response! -Henry On Thu, Oct 3, 2019 at 2:10 PM Theo de Raadt <dera...@openbsd.org> wrote: > Henry Bonath <he...@thebonaths.com> wrote: > > > Hello Misc, > > > > I had thought that I had configured the looking glass correctly per the > man > > page, > > I have everything else working correctly, with custom header and footer > > with CSS and all works great. > > Whenever I attempt to ping/traceroute from the webpage, it simlpy > reports: > > "failed." > > > > Here is what permissions look like: (set to 4555, per the man page) > > # ls -l /var/www/bin > > total 3584 > > -r-xr-xr-x 1 root bin 336016 Apr 13 16:35 bgpctl > > -r-sr-xr-x 2 www bin 366536 Apr 13 16:35 ping > > -r-sr-xr-x 2 www bin 366536 Apr 13 16:35 ping6 > > -r-sr-xr-x 2 www bin 325320 Apr 13 16:35 traceroute > > -r-sr-xr-x 2 www bin 325320 Apr 13 16:35 traceroute6 > > > > OpenBSD version is 6.5 amd64. > > > > Is there anything I am missing that I would need to do in order to make > > this work? > > Those setuid binaries require a filesystem which is mounted correctly. > > Cannot have the options "noexec, nosuid" > > btw, those setuid binaries are heavily priv-drop. But to avoid having > the entire filesystem outside of this dir open, you could consider > making just this directory it's own mini filesystem, it's just an > extra bit of containment. >
