On Tue, 31 Jul 2001, Karsten W. Rohrbach wrote:

> > If squid runs the listen as root, all sockets created from that listen
> > socket will also be accounted to root. Same problem as the above. I do
> > not know how natd would affect connections in terms of uid accounting.
>
> squid's standard ports are higher than 1024, so it should not be a
> problem to start it with a uid wrapper (setuidgid from daemontools
> or similar), shouldn't it? then the socket belongs to the squid user
> i think...
>
> /k

I'm not familiar with how squid acts, but your idea sounds good to me.
Tell us how it works. :)

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]