During a review on squid, we found the following setuid-binary set to run as root E: squid setuid-binary /usr/lib64/squid/ncsa_auth root 04750 E: squid setuid-binary /usr/lib64/squid/pam_auth root 04750 Kicking around Google I find that: ncsa_auth allows Squid to read and authenticate user and password information from an NCSA/Apache httpd-style password file when using basic HTTP authentication. Pam_auth allows Squid to connect to a mostly any available PAM database to validate the user name and password of Basic HTTP authentication. The only thing I can think of these being used for is if we needed to allow normal users to access squid, or to auth to the cachemngr.cgi - is this true? Is it safe to turn this off if I don't want to use either of these features? If so, shouldn't this be off by default? Running: squid-2.6.STABLE13-1.RHEL4 Thank you P If you are not the intended recipient of this message (including attachments), or if you have received this message in error, immediately notify us and delete it and any attachments. If you no longer wish to receive e-mail from Edward Jones, please send this request to messages@xxxxxxxxxxxxxxxx You must include the e-mail address that you wish not to receive e-mail communications. For important additional information related to this e-mail, visit www.edwardjones.com/US_email_disclosure
