From owner-freebsd-questions  Thu Feb 19 03:39:57 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA28143
          for freebsd-questions-outgoing; Thu, 19 Feb 1998 03:39:57 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA28133
          for <freebsd-questions@FreeBSD.ORG>; Thu, 19 Feb 1998 03:39:52 -0800 (PST)
          (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.7/8.8.7) with ESMTP id LAA09476;
	Thu, 19 Feb 1998 11:39:42 GMT
	(envelope-from kpielorz@tdx.co.uk)
Message-ID: <34EC19FE.4FE651A0@tdx.co.uk>
Date: Thu, 19 Feb 1998 11:39:42 +0000
From: Karl Pielorz <kpielorz@tdx.co.uk>
Organization: TDX
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: Alik Yuswanto <alik@sby.globalinfo.net>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: Running Squid as root
References: <01bd3d26$ee746920$d4a9cda7@Ws3-sby.Ywcn-sby>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Squid offers a service (usually on an unprivileged TCP port, e.g. 8080) to the
masses, and it's quite big (and hence probably has bugs - which may or may not
be known or exploitable).

There's a lot less damage going to be done if someone manages to exploit it -
and it's running as 'squid', rather than if it was running as 'root'.

(Imagine they pursuade it to write your /etc/rc.conf file or something? - if
it's running as 'squid' the write will fail, if it's running as 'root' - it
may succeeded).

In short, I always try to run it as 'squid' or some other low-level access
user... I see it as good practice... Others may disagree I guess...


Regards,

Karl Pielorz

Alik Yuswanto wrote:
> 
> Greetings,
> Could somebody tell me what is the advantages or disadvantages of running
> squid as root?
> Do I have to run always as user squid?
> Thanks in advance.
> 
> ~Alik
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message