Re: Solaris privileges to use pinger w/o setuid-root

From: Frank Fegert <fra.nospam.nk@dont-contact.us>
Date: Fri, 25 Jan 2008 09:34:44 +0100

On Fri, Jan 25, 2008 at 09:25:24AM +1300, Amos Jeffries wrote:
> > I did a quick hack and patched Solaris privileges support into pinger.c
> > from squid-2.6.STABLE18. This should allow to run pinger w/o setuid-root,
> > while still being able to access ICMP-sockets. The $SQUID_USER gets the
> > additional PRIV_NET_ICMPACCESS rights via:
> > /usr/sbin/usermod -K defaultpriv=basic,net_icmpaccess $SQUID_USER
> >
> > While probably not so interesting for the general public, could someone
> > with a bit more squid-code knowledge than me take a look at the patch?
> > I just want to make sure I didn't inadvertently break something else ;-)
>
> Interesting and useful. Thank you.

Thank you for your fast reply. I should add that I didn't invent the
wheel here ;-) There is a quite nice documentation on the subject:
  http://docs.sun.com/app/docs/doc/816-4863/chap1-intro-net-01
so credits should go towards Sun ;-)

> Seeing as the new code is almost all in one block with a specific purpose.
> I'd create a new function pingerSetPrivs() private to the pinger to do it
> and call it just before pingerOpen() instead.

Good idea! I'll fix up a function today.

Thanks,

        Frank
Received on Fri Jan 25 2008 - 01:34:58 MST
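
An added sketch of what the pingerSetPrivs() helper suggested in this thread could look like (example code, not the patch posted to the list and not Squid's own code). It uses the Solaris privileges API from <priv.h>; the return codes, the PINGER_HAVE_SOLARIS_PRIVS macro and the second helper pingerDropIcmpPriv() are hypothetical names, and on platforms without Solaris privileges both functions report "unsupported".

```c
/* Added example, not from the Squid patch; helper names are hypothetical. */
#include <stdio.h>

#if defined(__sun) && defined(__SVR4)
#include <priv.h>               /* Solaris 10+ least-privilege API */
#define PINGER_HAVE_SOLARIS_PRIVS 1
#else
#define PINGER_HAVE_SOLARIS_PRIVS 0
#endif

enum { PINGER_PRIVS_FAILED = -1, PINGER_PRIVS_OK = 0, PINGER_PRIVS_UNSUPPORTED = 1 };

/* Call just before pingerOpen(): require net_icmpaccess, then shrink the
 * permitted set (and with it the effective set) to basic,net_icmpaccess. */
int pingerSetPrivs(void)
{
#if PINGER_HAVE_SOLARIS_PRIVS
    priv_set_t *want;
    int rc = PINGER_PRIVS_OK;
    /* Fail early with a clear message rather than later at socket() time. */
    if (!priv_ineffect(PRIV_NET_ICMPACCESS)) {
        fprintf(stderr, "pinger: net_icmpaccess is not in the effective set\n");
        return PINGER_PRIVS_FAILED;
    }
    /* Same privilege list as the usermod defaultpriv= setting. */
    want = priv_str_to_set("basic,net_icmpaccess", ",", NULL);
    if (want == NULL)
        return PINGER_PRIVS_FAILED;
    if (setppriv(PRIV_SET, PRIV_PERMITTED, want) != 0) {
        perror("pinger: setppriv");
        rc = PINGER_PRIVS_FAILED;
    }
    priv_freeset(want);
    return rc;
#else
    return PINGER_PRIVS_UNSUPPORTED;    /* no Solaris privileges here */
#endif
}

/* Call once the ICMP socket is open: give up net_icmpaccess in every set.
 * Assumes the privilege is only checked when the socket is created. */
int pingerDropIcmpPriv(void)
{
#if PINGER_HAVE_SOLARIS_PRIVS
    return priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_NET_ICMPACCESS, (char *)NULL) != 0
        ? PINGER_PRIVS_FAILED : PINGER_PRIVS_OK;
#else
    return PINGER_PRIVS_UNSUPPORTED;
#endif
}
```

After either call, `ppriv <pid>` on the running pinger shows the resulting privilege sets.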
