Re: chrooting squid..

From: Joe Ramey <>
Date: Wed, 11 Dec 1996 20:08:31 -0600

   From: Robert Thomas <>
   Date: Thu, 12 Dec 1996 13:03:25 +1100 (EST)
   X-Mailer: ELM [version 2.4 PL24 PGP3 *ALPHA*]
   MIME-Version: 1.0
   Content-Type: text/plain; charset=US-ASCII
   Content-Transfer-Encoding: 7bit

> Is anyone else running squid on Solaris 2 under a chroot tree by using
> the /usr/sbin/chroot program? I've been doing this ever since we

   OK. We give in. Why are you running squid chrooted?

Oh. Good question. We are running squid on our firewall systems, and
we have a policy of running proxy programs under a chroot whenever
possible in hopes of protecting ourselves against abuse of possible
bugs in the proxy software (whether it be squid or anything else). I
believe this is fairly common firewall practice, though the efficacy
of this protection can surely be debated, as can the degree of risk of
such an attack.

Received on Wed Dec 11 1996 - 18:20:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:52 MST