I noticed that by default, SQUID is installed on BSDi 3.1 with the following permissions: ls > ls -la total 234 drwxrwxr-x 2 www www 512 Feb 7 1997 . drwxrwxr-x 3 www www 512 Feb 7 1997 .. -rwxr-xr-x 1 www www 3635 Jan 20 1997 access-extract-urls.pl -rwxr-xr-x 1 www www 4269 Jan 20 1997 access-extract.pl -rwxr-xr-x 1 www www 9168 Jan 20 1997 access-summary.pl -rwxr-xr-x 1 www www 4153 Jan 20 1997 cache-summary.pl -rwxr-xr-x 1 www www 20480 Jan 20 1997 cachemgr.cgi -rwxr-xr-x 1 www www 4280 Jan 20 1997 client -rwxr-xr-x 1 www www 4448 Jan 20 1997 dnsserver -rwxr-xr-x 1 www www 36864 Jan 20 1997 ftpget -rwxr-xr-x 1 www www 2388 Jan 20 1997 pinger -rwxr-xr-x 1 www www 10235 Jan 20 1997 squid-logs.pl -rwxr-xr-x 1 www www 980 Jan 20 1997 squid.daily -rwxr-xr-x 1 www www 980 Jan 20 1997 squid.daily.sample -rwxr-xr-x 1 www www 1813 Jan 20 1997 squid.weekly -rwxr-xr-x 1 www www 1813 Jan 20 1997 squid.weekly.sample -rwxr-xr-x 1 www www 1724 Jan 20 1997 start-squid -rwxr-xr-x 1 www www 1724 Jan 20 1997 start-squid.sample -rwxr-xr-x 1 www www 3068 Jan 20 1997 upgrade-1.0-store.pl Now I've seen what can happen when you have a httpd.conf owned by the same user CGI Runs as (all user's cgi has the ability to modify the file)...the same thing should be possible here. One could easily modify the start-squid file, or a configuration file, to set up a root shell or anything else they care to do; since start-squid is initially run as root, their modifications will be run as root as well. It might be a good idea to modify BSDi to install them owned by root, just as it does with apache. Thank you, Jonathan A. Zdziarski Systems Administrator Netrail Incorporated jonzat_private (888) NET-RAIL
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:37 PDT