CloudLinux Blog - Beta: CageFS 3.2 - say goodbye to SUID scripts

Beta: CageFS 3.2 - say goodbye to SUID scripts

After two weeks of hard work, we are happy to announce CageFS 3.2 Beta 1. The new version removes the need for suid binaries among those accessible to users. That should significantly improve security of the system as SUID binaries are often used by hackers to escalate their privileges.

At this moment only porting on scripts were moved to no longer need SUID. Within the next 2 weeks we hope to remove each and every SUID from inside of the CageFS.

Full list of changes in CageFS 3.2
  • sendmail and mailman no longer need SUID to operate
  • Removed CageFS FUSE completely
  • DirectAdmin support
  • /var/log is no longer mounted inside user's CageFS.
  • Added proxyexec as a way to execute SUID binaries
  • Automatically detect PostgreSQL and create links in /tmp directories
  • Added hook for cPanel account termination
  • Removed /etc/valiases, /etc/vfilters and mailman archives from inside of the CageFS
  • Added support for Group ID instead of User ID for companies using Group ID to specify the account
  • All users with same uid now added to passwd files inside CageFS
  • FIX: --addrpm/--delrpm now work with full package names

To update
# yum update cagefs --enable-repo=cloudlinux-updates-testing

To install
# yum install cagefs --enablerepo=cloudlinux-updates-testing
lve0.8.58 kernel and NFS issue
Beta: mod_hostinglimits 1.0 and updated apr packag...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 20 January 2020

Captcha Image

By submitting your comment, you agree with Cloudlinux Privacy Policy