Re: [RFC] obsoleting cache_effective_group from 3.2

2009-02-11 Thread Kinkie
On Wed, Feb 11, 2009 at 2:56 AM, Amos Jeffries squ...@treenet.co.nz wrote: I'm opening this old discussion up again. [...] HISTORY: If I recall correctly, the only holdback we had last time this was discussed was that certain setups and winbind needed it to work. That has since changed

Re: [RFC] obsoleting cache_effective_group from 3.2

2009-02-11 Thread Henrik Nordstrom
On Wed 2009-02-11 at 14:56 +1300, Amos Jeffries wrote: WHY: * it's a security breach. Why? * it's the source of many permissions annoyances. Yes. * the setting is still widely recommended in online how-to's Yes, and often for the wrong reasons. * current Squid-3+ are perfectly

Re: [RFC] obsoleting cache_effective_group from 3.2

2009-02-11 Thread Amos Jeffries
On Wed 2009-02-11 at 14:56 +1300, Amos Jeffries wrote: WHY: * it's a security breach. Why? Overriding the underlying OS, which admin may understand, with behavior they may not. Can cause them to enact less secure workarounds; I have seen squid effective-user'd to the root UID not long

Re: [RFC] obsoleting cache_effective_group from 3.2

2009-02-11 Thread Henrik Nordstrom
On Thu 2009-02-12 at 12:30 +1300, Amos Jeffries wrote: Overriding the underlying OS, which admin may understand, with behavior they may not. Can cause them to enact less secure workarounds; I have seen squid effective-user'd to the root UID not long ago. cache_effective_user root is not

[RFC] obsoleting cache_effective_group from 3.2

2009-02-10 Thread Amos Jeffries
I'm opening this old discussion up again. WHY: * it's a security breach. * it's the source of many permissions annoyances. * the setting is still widely recommended in online how-to's without reference to the security problems playing with it causes. * current Squid-3+ are perfectly capable