Hi Everybody,
I've looked at the sources of SQUID 1.1.18 and the release notes 1.1 to get
confirmation, but I would appreciate yours, aspecially on V1.1.20.
When I declare an ACL using srcdomain to list allowed internal clients, I
think SQUID does a reverse lookup of a given client's IP address before
checking the srcdomain list.
But does it do a subsequent DIRECT lookup, to make sure that the client is
in the domain it "claims" to be ? If not, it sounds like just changing a
PTR record in a foreign domain is all what a hacker needs to make SQUID to
think he is someone else.
Reading this extract of the mentionned release notes seems to mean that :
"
NOTE: DNS has a number of known security problems. Squid does not make
any effort to guarantee the validity of data returned from gethostbyname()
or gethostbyaddr() calls.
"
So, it seems that using src ACL's rather than srcdomain is more secure,
isn't it ?
Thank's in advance for any correction / confirmation and best regards !
Thierry A.
Received on Mon Feb 09 1998 - 08:06:33 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:49 MST