Frank Fegert wrote:
On Fri, Jan 25, 2008 at 09:25:24AM +1300, Amos Jeffries wrote:
I did a quick hack and patched Solaris privileges support into pinger.c
from squid-2.6.STABLE18. This should allow to run pinger w/o setuid-root,
while still being able to access ICMP-sockets. The $SQUID_USER gets the
additional PRIV_NET_ICMPACCESS rights via:
/usr/sbin/usermod -K defaultpriv=basic,net_icmpaccess $SQUID_USER
While probably not so interesting for the general public, could someone
with a bit more squid-code knowledge than me take a look at the patch?
I just want to make sure I didn't inadvertently break something else ;-)
Interesting and useful. Thank you.
Thank you for your fast reply. I should add that I didn't invent the
wheel here ;-) There is a quite nice documentation on the subject:
http://docs.sun.com/app/docs/doc/816-4863/chap1-intro-net-01
so credits should go towards Sun ;-)
Ah, in which case we have to ask: Is the code copyright available under
GPL v2 and later Licenses?
The copyright issues have been getting a bit of cleanup lately and we
don't want to go backwards if possible.
Seeing as the new code is almost all in one block with a specific purpose,
I'd create a new function pingerSetPrivs() private to the pinger to do it
and call it just before pingerOpen() instead.
Good idea! I'll fix up a function today.
Thanks,
Frank
Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
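
An added illustration of the helper discussed in this thread, not the patch itself (which is not reproduced on this page) and not Squid's code: a sketch of a pingerSetPrivs() that keeps only the basic set plus net_icmpaccess, written against the Solaris privileges API. The function body and the ENOSYS fallback for non-Solaris builds are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#if defined(__sun)
#include <priv.h>
#endif

/*
 * Hypothetical body for the pingerSetPrivs() helper proposed in the thread.
 * Keeps only "basic" plus net_icmpaccess in the permitted and effective
 * sets. Returns 0 on success, -1 with errno set on failure.
 */
static int
pingerSetPrivs(void)
{
#if defined(__sun)
    /* Same privilege string that usermod -K defaultpriv= is given above. */
    priv_set_t *keep = priv_str_to_set("basic,net_icmpaccess", ",", NULL);
    priv_set_t *have = priv_allocset();
    int rc = -1;

    if (keep == NULL || have == NULL || getppriv(PRIV_PERMITTED, have) != 0)
        goto done;
    /* Never ask for more than the process already holds. */
    priv_intersect(have, keep);
    if (!priv_ismember(keep, PRIV_NET_ICMPACCESS)) {
        errno = EPERM;  /* the user was never granted net_icmpaccess */
        goto done;
    }
    /* Shrinking the permitted set also strips those privileges from effective. */
    if (setppriv(PRIV_SET, PRIV_PERMITTED, keep) == 0 &&
        setppriv(PRIV_SET, PRIV_EFFECTIVE, keep) == 0)
        rc = 0;
done:
    if (keep != NULL) priv_freeset(keep);
    if (have != NULL) priv_freeset(have);
    return rc;
#else
    errno = ENOSYS;     /* Solaris privilege API not available on this platform */
    return -1;
#endif
}

int
main(void)
{
    if (pingerSetPrivs() != 0) {
        perror("pingerSetPrivs");
        return 1;
    }
    /* The real pinger would call pingerOpen() here to create the ICMP socket. */
    return 0;
}
```

On Solaris, `ppriv <pid>` on the running pinger shows whether the effective and permitted sets were actually reduced.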