Date: Tue, 31 Jul 2001 17:54:18 -0500 (CDT)
From: Mike Silbersack
To: "Karsten W. Rohrbach"
Cc: "Nickolay A.Kritsky"
Subject: Re: accounting with ipfw (gid, uid riles)
In-Reply-To: <20010731180828.I92506@mail.webmonster.de>
Message-ID: <20010731175236.A58983-100000@achilles.silby.com>
Sender: owner-freebsd-security@FreeBSD.ORG

On Tue, 31 Jul 2001, Karsten W. Rohrbach wrote:

> > If squid runs the listen as root, all sockets created from that listen
> > socket will also be accounted to root. Same problem as the above. I do
> > not know how natd would affect connections in terms of uid accounting.
>
> squid's standard ports are higher than 1024, so it should not be a
> problem to start it with a uid wrapper (setuidgid from daemontools
> or similar), shouldn't it? then the socket belongs to the squid user
> i think...
>
> /k

I'm not familiar with how squid acts, but your idea sounds good to me.
Tell us how it works. :)

Mike "Silby" Silbersack