Re: chrooting squid..

From: Ilja Hallberg <iha@dont-contact.us>
Date: Thu, 12 Dec 1996 11:26:32 +0100

> Oh. Good question. We are running squid on our firewall systems, and
> we have a policy of running proxy programs under a chroot whenever
> possible in hopes of protecting ourselves against abuse of possible
> bugs in the proxy software (whether it be squid or anything else). I
> believe this is fairly common firewall practice, though the efficacy
> of this protection can surely be debated, as can the degree of risk of
> such an attack.

But squid is still running as root, isn't it? What if someone tries to
attack the ICP connection by shutting down the proper parent or
sibling and starts to attack squid by exploring the possibility of a
buffer overflow condition that might occur when squid receives an
ICP_OP_HIT_OBJ (in icp.c, I think)? Normally a webserver starts as root
but changes user to nobody. The problem about contaminating the cache is
mentioned at the end of the ICP RFC.

Would it be possible to setreuid squid to nobody to lessen the risk of
exploit of the root account?

/Ilja
Received on Thu Dec 12 1996 - 02:38:10 MST
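
The chroot-then-drop-privileges sequence asked about above, as an added example that is not part of the original message and not Squid's own code. It uses setuid() rather than setreuid() because, when called as root, setuid() sets the real, effective and saved IDs together; the function names, the jail path and the numeric uid/gid are assumptions supplied by the caller.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if no root uid/gid is held and root cannot be regained.
 * If it returns 0 the caller must exit rather than keep running. */
int privileges_are_dropped(void)
{
    if (getuid() == 0 || geteuid() == 0 || getgid() == 0 || getegid() == 0)
        return 0;
    /* A leftover saved uid of 0 would let either call succeed. */
    if (seteuid(0) == 0 || setuid(0) == 0)
        return 0;
    return 1;
}

/* chroot into `jail`, then permanently become uid/gid. 0 on success, -1 on
 * any failure. Order matters: chroot needs root, and the group changes must
 * happen before setuid() gives up the right to make them. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)      return -1;  /* refuse to "drop" to root */
    if (geteuid() != 0)            return -1;  /* not started as root      */
    if (chroot(jail) != 0)         return -1;
    if (chdir("/") != 0)           return -1;  /* leave no cwd outside jail */
    if (setgroups(0, NULL) != 0)   return -1;  /* clear supplementary groups */
    if (setgid(gid) != 0)          return -1;
    if (setuid(uid) != 0)          return -1;  /* real, effective and saved */
    return privileges_are_dropped() ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <jail-dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    if (confine_and_drop(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                         (gid_t)strtoul(argv[3], NULL, 10)) != 0) {
        fprintf(stderr, "could not confine and drop privileges; exiting\n");
        return 1;
    }
    printf("in jail as uid=%lu gid=%lu\n",
           (unsigned long)getuid(), (unsigned long)getgid());
    return 0;
}
```

Any sockets or files that need root, such as a privileged port, have to be opened before confine_and_drop() is called.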
