Re: Solaris privileges to use pinger w/o setuid-root

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 25 Jan 2008 09:25:24 +1300 (NZDT)

> Hi all,
>
> i did a quick hack and patched Solaris privileges support into pinger.c
> from squid-2.6.STABLE18. This should allow to run pinger w/o setuid-root,
> while still being able to access ICMP-sockets. The $SQUID_USER gets the
> additional PRIV_NET_ICMPACCESS rights via:
> /usr/sbin/usermod -K defaultpriv=basic,net_icmpaccess $SQUID_USER
>
> While probably not so interesting for the general public, could someone
> with a bit more squid-code knowledge than me take a look at the patch?
> I just want to make sure i didn't inadvertedly break something else ;-)
>
> Thanks,
>
> Frank
>

Interesting and useful. Thank you.

Seeing as the new code is almost all in one block with a specific purpose.
I'd create a new function pingerSetPrivs() private to the pinger to do it
and call it just before pingerOpen() instead.

Amos
Received on Thu Jan 24 2008 - 13:25:28 MST

This archive was generated by hypermail pre-2.1.9 : Wed Jan 30 2008 - 12:00:09 MST