On 1/02/2013 6:03 a.m., Alex Rousskov wrote:
On 01/31/2013 03:06 AM, Amos Jeffries wrote:
On 31/01/2013 10:24 p.m., Simone Levy wrote:
Hello there,
we are receiving warnings after upgrading squid from version 3.1 to
3.2 on FreeBSD. Squid appears to be fully operational though.
The warnings seem to be relative to starting the helpers and opening
the log files, but the helpers are started and the log files written to.
When dealing with logs from asynchronous event code things are not
always as they seem.
If those are working its most likely not them.
You might have to start Squid under a debugger to find out what
specifically setuid is being called for.
Amos,
FWIW, I have seen this warning on FreeBSD as well. Squid calls
set_uid(0) unconditionally. My setuid man page does not mention UID of
zero, and I have not investigated why that call was added, but I have a
feeling that FreeBSD does not like it:
no_suid(void)
{
...
debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges for ever");
if (setuid(0) < 0)
debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror());
Hmm. Yes the warning is new since we started adding debugs() about
failed system calls to display reviously hidden system errors.
Looking at all the documentation about setuid() and seteuid() I'm
wondering if this was supposed to be seteuid(0) - to clear any
effective-user restrictions before dropping privileges down to the
low-privileges UID.
I'm also wondering if setuid(uid) was done earlier and the low-privilege
user is what is being dened the setuid(0) - but I can't see any sign of
the "Dropping privileges" message that should appear first. Can one of
you start your Squid with level-3 debug and see where in this startup
list the dropping message appears?
There is also http://bugs.squid-cache.org/show_bug.cgi?id=3751 involved
with this somehow.
Amos