From: Robert Thomas <rob@sloth.rpi.net.au>
Date: Thu, 12 Dec 1996 13:03:25 +1100 (EST)
Cc: squid-users@nlanr.net
X-Mailer: ELM [version 2.4 PL24 PGP3 *ALPHA*]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
>
> Is anyone else running squid on Solaris 2 under a chroot tree by using
> the /usr/sbin/chroot program? I've been doing this ever since we
[...]
OK. We give in. Why are you running squid chrooted?
Oh. Good question. We are running squid on our firewall systems, and
we have a policy of running proxy programs under a chroot whenever
possible in hopes of protecting ourselves against abuse of possible
bugs in the proxy software (whether it be squid or anything else). I
believe this is fairly common firewall practice, though the efficacy
of this protection can surely be debated, as can the degree of risk of
such an attack.
Joe
Received on Wed Dec 11 1996 - 18:20:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:52 MST