arb@connect.com.au said:
} What I was trying to point out was that it really is a rather large
} application - heading up towards sendmail size. sendmail's had a heck
} of a lot more people checking it for holes over a much greater period
} of time than squid, and look how many holes still keep popping up.
Sendmail was never designed with any thought of security - it's all an
add-on. At least one feature was in there to allow root breaches.
Sendmail runs setuid root (and should not). Squid does not run setuid
root, and I never let root near it, hence damage is much more limited.
Run it chrooted and I guess that it's pretty safe.
I think squid is much better coded in terms of checking for the standard
problems - and in that it isn't running as root does not need to be
programmed quite as carefully as a setuid root tool.
Nigel.
--
[ Nigel.Metheringham@theplanet.net - Unix Applications Engineer ]
[ *Views expressed here are personal and not supported by PLAnet* ]
[ PLAnet Online : The White House Tel : +44 113 251 6012 ]
[ Melbourne Street, Leeds LS2 7PS UK. Fax : +44 113 2345656 ]
Received on Wed Dec 18 1996 - 09:47:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:55 MST