Re: Q: Using Squid on a firewall-Host?

From: Nigel Metheringham <>
Date: Wed, 18 Dec 1996 17:30:36 +0000 said:
} What I was trying to point out was that it really is a rather large
} application - heading up towards sendmail size. sendmail's had a heck
} of a lot more people checking it for holes over a much greater period
} of time than squid, and look how many holes still keep popping up.

Sendmail was never designed with any thought of security - it's all an
add-on. At least one feature was in there to allow root breaches.

Sendmail runs setuid root (and should not). Squid does not run setuid
root, and I never let root near it, hence damage is much more limited.
Run it chrooted and I guess that it's pretty safe.

I think squid is much better coded in terms of checking for the standard
problems - and in that it isn't running as root does not need to be
programmed quite as carefully as a setuid root tool.


[   - Unix Applications Engineer ]
[ *Views expressed here are personal and not supported by PLAnet* ]
[ PLAnet Online : The White House          Tel : +44 113 251 6012 ]
[ Melbourne Street, Leeds LS2 7PS UK.      Fax : +44 113 2345656  ]
Received on Wed Dec 18 1996 - 09:47:03 MST
