Re: chrooting squid..

From: John Saunders <john@dont-contact.us>
Date: 12 Dec 1996 14:03:50 GMT

Ilja Hallberg (iha@incolumitas.se) wrote:
> But squid is still running as root isn't it? What if someone tries to
> attack the ICP connection by shutting down the proper parent or
> sibling and start to attack squid by exploring the possibility of a
> buffer overflow condition that might occur when squid receives a
> ICP_OP_HIT_OBJ (in icp.c i think). Normally a webserver starts as root
> but changes user to nobody. The problem about contaminating the cache is
> mentioned in the end of the ICP RFC.

Squid doesn't normally run as root. It changes to a less trusted user
for most functions. But it keeps the saved uid of root so that it can
change back for short periods of time to do things that need root access.
While this isn't perfect, it's a whole lot better than running as root
for the duration. It at least needs root access to bind to port 80, so I
doubt it would be possible to use some chrootuid wrapper without major
changes to get bound to port 80 before squid starts. I don't know what
squid uses root for now; in 1.0.x it used it for getting passwords. With
proper permissions it should (in theory) be able to entirely drop root
once it has bound to port 80.

P.S. The talk about port 80 is very dependent on how squid is configured
and used. You may not use port 80 and hence won't have a problem.

Cheers.
-- +------------------------------------------------------------+
        . | John Saunders - mailto:john@nlc.net.au (EMail) |
    ,--_|\ | - http://www.nlc.net.au/ (WWW) |
   / Oz \ | - 018-223-814 or 02-9477-2881 (Phone) |
   \_,--\_/ | NHJ NORTHLINK COMMUNICATIONS - Supplying a professional, |
         v | and above all friendly, internet connection service. |
              +------------------------------------------------------------+
Received on Thu Dec 12 1996 - 06:17:28 MST
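The two privilege models discussed in the reply, keeping a saved uid of 0 so root can be regained versus dropping it entirely once the privileged port is bound, as an added example (not Squid's code and not part of the thread). It assumes Linux/glibc (getresuid), loopback port 80 and an unprivileged "nobody" account; run as root it binds port 80 and then drops root for good, and root_is_gone() confirms that no real, effective or saved uid of 0 remains.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP listener on 127.0.0.1:port; returns the fd or -1.
 * Ports below 1024 need root, so this must run before privileges are dropped. */
int bind_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if none of real, effective or saved uid is 0 (root cannot be regained);
 * 0 if any is 0, e.g. after seteuid(nobody) which leaves the saved uid at 0. */
int root_is_gone(void) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) < 0) return 0;
    return r != 0 && e != 0 && s != 0;
}

/* Permanent drop: supplementary groups first, then gid, then uid.
 * setuid() called by root sets all three uids, unlike seteuid(). */
int drop_root_permanently(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    return root_is_gone() ? 0 : -1;
}

int main(void) {
    int fd = bind_listener(80);                  /* privileged port, while still root */
    struct passwd *pw = getpwnam("nobody");      /* assumed unprivileged account */
    uid_t uid = pw ? pw->pw_uid : getuid();
    gid_t gid = pw ? pw->pw_gid : getgid();
    if (drop_root_permanently(uid, gid) < 0) { perror("drop_root_permanently"); return 1; }
    printf("listener fd %d, uid now %d, root regainable: %s\n",
           fd, (int)getuid(), root_is_gone() ? "no" : "yes");
    return 0;
}
```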

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:53 MST