Re: [squid-users] WARNING: no_suid: setuid(0): (1) Operation not permitted

From: Silamael <Silamael_at_coronamundi.de>
Date: Fri, 01 Feb 2013 09:33:19 +0100

On 02/01/2013 01:09 AM, Amos Jeffries wrote:
> Hmm. Yes the warning is new since we started adding debugs() about
> failed system calls to display reviously hidden system errors.
>
> Looking at all the documentation about setuid() and seteuid() I'm
> wondering if this was supposed to be seteuid(0) - to clear any
> effective-user restrictions before dropping privileges down to the
> low-privileges UID.
>
> I'm also wondering if setuid(uid) was done earlier and the low-privilege
> user is what is being dened the setuid(0) - but I can't see any sign of
> the "Dropping privileges" message that should appear first. Can one of
> you start your Squid with level-3 debug and see where in this startup
> list the dropping message appears?
>
> There is also http://bugs.squid-cache.org/show_bug.cgi?id=3751 involved
> with this somehow.
>
>
> Amos

Just for the record, I see the same warning under OpenBSD. As far is i
read the sources it seems to happen when the helpers are started. I
think it's the call of no_suid() in ipcCreate in ipc.cc.

-- Matthias
Received on Fri Feb 01 2013 - 08:33:24 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 01 2013 - 12:00:05 MST