[squid-users] squid setuid-binary ncsa_auth and pam_auth

From: Cryer,Phil <Phil.Cryer@dont-contact.us>
Date: Thu, 1 Nov 2007 14:09:34 -0500

During a review on squid, we found the following setuid-binary set to
run as root:
E: squid setuid-binary /usr/lib64/squid/ncsa_auth root 04750
E: squid setuid-binary /usr/lib64/squid/pam_auth root 04750

Kicking around Google I find that:

ncsa_auth allows Squid to read and authenticate user and password
information from an NCSA/Apache httpd-style password file when using
basic HTTP authentication.

Pam_auth allows Squid to connect to mostly any available PAM database
to validate the user name and password of Basic HTTP authentication.

The only thing I can think of these being used for is if we needed to
allow normal users to access squid, or to auth to the cachemgr.cgi - is
this true? Is it safe to turn this off if I don't want to use either of
these features? If so, shouldn't this be off by default?

Running: squid-2.6.STABLE13-1.RHEL4

Thank you

P
Received on Thu Nov 01 2007 - 13:09:43 MDT
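
An added example, not part of the original post and not Squid's own tooling: a shell audit that reports, for each helper path named in the message, whether the setuid bit is set and whether an active auth_param "program" line in squid.conf references it. The config path /etc/squid/squid.conf, the environment variable names and the status words are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit Squid basic-auth helpers for the setuid bit and for
# actual use in squid.conf. Helper paths are the ones quoted in the post;
# the config path is an assumption and can be overridden via SQUID_CONF.

CONF="${SQUID_CONF:-/etc/squid/squid.conf}"
HELPERS="${SQUID_HELPERS:-/usr/lib64/squid/ncsa_auth /usr/lib64/squid/pam_auth}"

# Return 0 if an uncommented "auth_param <scheme> program ..." line names
# the helper (matched by basename, so a different install prefix still hits).
helper_referenced() {
    conf=$1
    name=$(basename "$2")
    [ -r "$conf" ] || return 2
    grep -Eq "^[[:space:]]*auth_param[[:space:]]+[A-Za-z]+[[:space:]]+program[[:space:]]+([^[:space:]#]*/)?${name}([[:space:]]|\$)" "$conf"
}

# Print one status word for a helper:
#   missing        file does not exist
#   no-setuid      file exists, setuid bit not set
#   setuid-unused  setuid bit set, no active auth_param line uses it
#   setuid-in-use  setuid bit set and the configuration references it
classify_helper() {
    conf=$1
    helper=$2
    [ -e "$helper" ] || { echo missing; return 0; }
    [ -u "$helper" ] || { echo no-setuid; return 0; }
    if helper_referenced "$conf" "$helper"; then
        echo setuid-in-use
    else
        echo setuid-unused
    fi
}

# Report every configured helper path, one line each.
audit() {
    for h in $HELPERS; do
        printf '%-40s %s\n' "$h" "$(classify_helper "$CONF" "$h")"
    done
}

audit
```

A helper reported as setuid-unused is a candidate for review; the script only reports and changes no file modes.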