On Fri, Jan 25, 2008 at 09:25:24AM +1300, Amos Jeffries wrote: > > i did a quick hack and patched Solaris privileges support into pinger.c > > from squid-2.6.STABLE18. This should allow to run pinger w/o setuid-root, > > while still being able to access ICMP-sockets. The $SQUID_USER gets the > > additional PRIV_NET_ICMPACCESS rights via: > > /usr/sbin/usermod -K defaultpriv=basic,net_icmpaccess $SQUID_USER > > > > While probably not so interesting for the general public, could someone > > with a bit more squid-code knowledge than me take a look at the patch? > > I just want to make sure i didn't inadvertedly break something else ;-) > > Interesting and useful. Thank you.
Thank you for your fast reply. I should add that i didn't invent the wheel here ;-) There is a quite nice documentation on the subject: http://docs.sun.com/app/docs/doc/816-4863/chap1-intro-net-01 so credits should go towards Sun ;-) > Seeing as the new code is almost all in one block with a specific purpose. > I'd create a new function pingerSetPrivs() private to the pinger to do it > and call it just before pingerOpen() instead. Good idea! I'll fix up a function today. Thanks, Frank
