At 00:50 19-01-2008, Amos Jeffries wrote:
Alexandre Correa wrote:
maresia# ls -l /dev/pf
crw------- 1 root wheel 0, 74 Jan 10 11:18 /dev/pf
Looks like all you need to do is start squid properly as root user
and let it do the permissions dropping properly itself.
Even when permissions are dropped, Squid still needs to read
/dev/pf. The above permissions will cause an error. When
PF_TRANSPARENT is defined, the GID of /dev/pf has to be changed to be
accessible by Squid.
Currently, Squid 2.6.x opens /dev/pf in read/write mode. There was
an OpenBSD patch to src/client_side.c to open /dev/pf in read-only mode.
--- client_side.c.orig Mon Sep 3 06:13:36 2007
+++ client_side.c Sun Jan 20 09:14:37 2008
@@ -4441,7 +4441,7 @@
static int pffd = -1;
static time_t last_reported = 0;
if (pffd < 0) {
- pffd = open("/dev/pf", O_RDWR);
+ pffd = open("/dev/pf", O_RDONLY);
if (pffd >= 0)
commSetCloseOnExec(pffd);
}
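Review bot: on the changed line `pffd = open("/dev/pf", O_RDONLY);`, the failure path when open() returns -1 is not visible in this hunk, and it matters more once Squid opens the device after dropping privileges. With the device node at mode crw------- root:wheel, a read-only open by an unprivileged Squid still fails, so the patch only helps together with a group-read permission on /dev/pf for Squid's effective group. Please confirm that the code following this block logs the errno from the failed open (the `last_reported` variable suggests rate-limited reporting) so that a permission problem is distinguishable from a missing device. Since this is described as an OpenBSD patch, it is also worth confirming on the target OS that whatever Squid later does with `pffd` is permitted on a descriptor opened O_RDONLY. The narrower open mode itself is the right direction: the descriptor is long-lived (static), so it should not carry write access to the packet filter that Squid does not need.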
Regards,
-sm