Date: Tue, 31 Jul 2001 17:54:18 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: "Nickolay A.Kritsky" <nkritsky@internethelp.ru>, <security@FreeBSD.ORG> Subject: Re: accounting with ipfw (gid, uid riles) Message-ID: <20010731175236.A58983-100000@achilles.silby.com> In-Reply-To: <20010731180828.I92506@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 31 Jul 2001, Karsten W. Rohrbach wrote: > > If squid runs the listen as root, all sockets created from that listen > > socket will also be accounted to root. Same problem as the above. I do > > not know how natd would affect connections in terms of uid accounting. > > squid's standard ports are higher than 1024, so it should not be a > problem to start it with a uid wrapper (setuidgid from daemontools > or similar), shouldn't it? then the socket belongs to the squid user > i think... > > /k I'm not familiar with how squid acts, but your idea sounds good to me. Tell us how it works. :) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010731175236.A58983-100000>