Boniforti Flavio wrote:
Hello all!
I noticed that there's the option to "chroot" my squid.
Now, which benefits could I get from this configuration?
What should I be doing/configuring for getting "chroot" to work in squid?

Thank you all again...

chrooting Squid gives the same benefits as chrooting any service, namely that if an exploit is discovered in Squid and your Squid gets exploited, the attacker only has access to the contents of the chroot environment. This minimizes the damage an attacker can do to your system, and the data they can get access to.


You'll need a mini-system directory where Squid will live. It will include Squid's log directory, the cache partitions, and the configuration file. It will also need to include all of the helper programs that you use, and it might need any shared libraries and system configuration files (like resolv.conf) that Squid relies on (it could be that shared libraries are pulled in before Squid chroots, and so they might not be needed--Henrik wrote the chroot code I think, or at least maintains it now, maybe he'll chime in with clarification).

Squid is historically among the more secure network server daemons (thank everyone's favorite developers for that), with only a few rapidly corrected exploitable conditions in recent memory, so the feature doesn't get much discussion. But it is a worthwhile process, if your server provides other services or contains data that you take seriously. On a dedicated caching machine, it may be an unnecessary hassle.
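The reply above describes the mini-system directory a chrooted Squid needs (logs, cache, config, helper programs, shared libraries, resolv.conf). The script below is an added example, not code from the thread or from the Squid project: it builds that skeleton under a directory you choose, copies a helper program together with the libraries `ldd` reports for it, writes a minimal squid.conf that sets Squid's `chroot` directive, and audits the tree for the entries that are commonly forgotten. The directory layout, the helper path, and the `ldd` output format ("name => /path (addr)") are assumptions; adjust them to your build's `--prefix` and platform.

```shell
#!/bin/sh
# Added example: build and audit a minimal chroot tree for Squid.
# Layout below is an assumption (typical FHS-style paths); adapt to your build.

# Create the skeleton the reply describes: config, logs, cache, helpers, libs.
squid_chroot_skeleton() {
    root="$1"
    for d in etc/squid var/log/squid var/cache/squid usr/lib/squid lib tmp; do
        mkdir -p "$root/$d" || return 1
    done
    # Resolver configuration: Squid reads this after it has chrooted, so a
    # copy has to live inside the tree (empty placeholder if the host has none).
    if [ -f /etc/resolv.conf ]; then
        cp /etc/resolv.conf "$root/etc/resolv.conf"
    else
        : > "$root/etc/resolv.conf"
    fi
    # Keep everything except logs/cache read-only to the service user (least privilege).
    chmod 0755 "$root/etc" "$root/etc/squid" "$root/usr/lib/squid"
    return 0
}

# Copy one helper program plus the shared libraries ldd lists for it.
# Assumption: ldd prints "libname => /path (addr)" or "/path (addr)" lines.
copy_with_libs() {
    root="$1"; prog="$2"
    [ -x "$prog" ] || return 1
    mkdir -p "$root$(dirname "$prog")"
    cp "$prog" "$root$prog"
    ldd "$prog" 2>/dev/null \
        | awk '/=> \//{print $3} /^[[:space:]]*\//{print $1}' \
        | while read -r lib; do
            mkdir -p "$root$(dirname "$lib")"
            cp "$lib" "$root$lib"
        done
}

# Write a minimal squid.conf that turns the chroot on. Squid's own directive
# is "chroot <dir>"; the other lines are illustrative (assumed values).
write_chroot_conf() {
    root="$1"
    cat > "$root/etc/squid/squid.conf" <<EOF
# chroot directory (Squid must start as root to call chroot(2), then drops privileges)
chroot $root
# log and cache paths as seen by Squid (assumption: check your release's docs
# for whether these are resolved before or after the chroot call)
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid 100 16 256
EOF
}

# Audit the tree: report each required entry that is missing and return the
# number missing (0 means the tree has everything this check knows about).
audit_chroot() {
    root="$1"
    missing=0
    for p in etc/resolv.conf etc/squid/squid.conf var/log/squid var/cache/squid; do
        if [ ! -e "$root/$p" ]; then
            echo "missing: $root/$p"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}
```

Run the skeleton and audit functions against a scratch directory first; `audit_chroot` returning non-zero tells you which pieces still have to be supplied before pointing a real `chroot` directive at the tree.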
