Przemyslaw Borkowski wrote:
>
> I'm using Squid squid-2.5.STABLE2 on linux 2.4.20 in config there's an
> option to chroot, I'v set all directories everything that needs, squid is
> starting properly and all except one thread has user nobody
>
> root 3670 0.0 0.4 3716 1128 ? S Apr15 0:00
> /usr/local/squid/sbin/squid
> nobody 12422 0.0 2.6 8556 6816 ? S Apr15 0:06 [squid]
> nobody 29142 99.7 0.5 3988 1296 ? R Apr15 1013:49 [squid]
>
> Can this process drop priviliges too ?
>
Probably not, because that is your parent-startup which needs
root to execute chroot().
> Other thing you can see CPU usage, one of threads takes whole CPU time,
> and other thread open's udp port on external interface
>
> tcp 0 0 192.168.0.1:3128 0.0.0.0:* LISTEN
> 12422/
> tcp 0 0 192.168.0.1:1022 0.0.0.0:* LISTEN
> 20427/sshd
> tcp 0 248 192.168.0.1:1022 192.168.0.24:1030
> ESTABLISHED 20518/1
> udp 0 0 0.0.0.0:32812 0.0.0.0:*
> 12422/
> udp 0 0 0.0.0.0:67 0.0.0.0:*
> -
>
> can that be exploited hole ?
> That happends when squid runs about 2 to 6 hours. It works fine but
> utilizes CPU time.
>
How do you know the opened udp port belongs to a squid 'instance' ?
Also check cache.log for futher info, with, for instance
the cpu usage problem.
M.
> ---
> Pozdraviam
> Przemyslaw Borkowski
-- 'Love is truth without any future. (M.E. 1997)Received on Wed Apr 16 2003 - 06:10:30 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:00 MST