Re: [squid-users] squid and chroot

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Wed, 19 Aug 2009 17:30:18 +0530

Thank you
On Wed, Aug 19, 2009 at 3:49 PM, Henrik
Nordstrom<henrik_at_henriknordstrom.net> wrote:
> ons 2009-08-19 klockan 10:34 +0530 skrev Avinash Rao:
>> A basic question. what is the use of installing squid in chroot,
>
> it's a security measure just in case there is a security vulnerability
> in Squid which may lead to remote execution of code. Makes life a lot
> harder for those trying to exploit any such vulnerability.
>
> Note: Squid isn't installed in a chroot, instead it's told to chroot
> itself to a folder containing only the few things Squid need to access
> while running. The Squid binary itself lives outside the chroot, but all
> filesystem access is confined to the chroot folder and all extra
> privileges is dropped down to the bare minimum.
>
> Regards
> Henrik
>
>
Received on Wed Aug 19 2009 - 12:00:25 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 19 2009 - 12:00:04 MDT