Re: Security Concerns

From: Kinkie <kinkie-dev@dont-contact.us>
Date: Mon, 26 Jan 2004 13:25:15 +0100

Henrik Nordstrom <hno@squid-cache.org> writes:

> This question got me thinking, and maybe we should restrict Squid to plain
> refuse to start if access rules say "http_access allow all".
>
> A simple 2.5 patch for doing this and also detecting if "acl all" is
> redefined as something else than intended is attached to this message.

What about simply defining two new acl types, "true" and "false" (or "all"
and "none" (or two predefined ACL names with the same effect))?

About refusing to start in unsafe situations, I don't agree. We should not
second-guess the user. Warning is OK, aborting is IMO not.

-- 
	kinkie (kinkie-squid [at] kinkie [dot] it)
	Random fortune, unrelated to the message:
We are experiencing system trouble -- do not adjust your terminal.
Received on Mon Jan 26 2004 - 05:25:18 MST