CloudLinux - CloudLinux Blog - Beta: CageFS 3.2 - say goodbye to SUID scripts
CloudLinux OS Blog

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/

Beta: CageFS 3.2 - say goodbye to SUID scripts

After two weeks of hard work, we are happy to announce CageFS 3.2 Beta 1. The new version removes the need for suid binaries among those accessible to users. That should significantly improve security of the system as SUID binaries are often used by hackers to escalate their privileges.

At this moment only porting on scripts were moved to no longer need SUID. Within the next 2 weeks we hope to remove each and every SUID from inside of the CageFS.

Full list of changes in CageFS 3.2
  • sendmail and mailman no longer need SUID to operate
  • Removed CageFS FUSE completely
  • DirectAdmin support
  • /var/log is no longer mounted inside user's CageFS.
  • Added proxyexec as a way to execute SUID binaries
  • Automatically detect PostgreSQL and create links in /tmp directories
  • Added hook for cPanel account termination
  • Removed /etc/valiases, /etc/vfilters and mailman archives from inside of the CageFS
  • Added support for Group ID instead of User ID for companies using Group ID to specify the account
  • All users with same uid now added to passwd files inside CageFS
  • FIX: --addrpm/--delrpm now work with full package names

To update
# yum update cagefs --enable-repo=cloudlinux-updates-testing

To install
# yum install cagefs --enablerepo=cloudlinux-updates-testing
lve0.8.58 kernel and NFS issue
Beta: mod_hostinglimits 1.0 and updated apr packag...
 

Комментарии

Нет созданных комментариев. Будь первым кто оставит комментарий.
Уже зарегистрированны? Войти на сайт
Guest
16.07.2020

Изображение капчи