Re: [squid-users] Fwd: chroot,Open UDP port & big CPU time

From: Marc Elsen <[email protected]>
Date: Wed, 16 Apr 2003 14:09:56 +0200

Przemyslaw Borkowski wrote:
>
> I'm using Squid squid-2.5.STABLE2 on linux 2.4.20 in config there's an
> option to chroot, I'v set all directories everything that needs, squid is
> starting properly and all except one thread has user nobody
>
> root 3670 0.0 0.4 3716 1128 ? S Apr15 0:00
> /usr/local/squid/sbin/squid
> nobody 12422 0.0 2.6 8556 6816 ? S Apr15 0:06 [squid]
> nobody 29142 99.7 0.5 3988 1296 ? R Apr15 1013:49 [squid]
>
> Can this process drop priviliges too ?
>
 Probably not, because that is your parent-startup which needs
 root to execute chroot().

> Other thing you can see CPU usage, one of threads takes whole CPU time,
> and other thread open's udp port on external interface
>
> tcp 0 0 192.168.0.1:3128 0.0.0.0:* LISTEN
> 12422/
> tcp 0 0 192.168.0.1:1022 0.0.0.0:* LISTEN
> 20427/sshd
> tcp 0 248 192.168.0.1:1022 192.168.0.24:1030
> ESTABLISHED 20518/1
> udp 0 0 0.0.0.0:32812 0.0.0.0:*
> 12422/
> udp 0 0 0.0.0.0:67 0.0.0.0:*
> -
>
> can that be exploited hole ?
> That happends when squid runs about 2 to 6 hours. It works fine but
> utilizes CPU time.
>

 How do you know the opened udp port belongs to a squid 'instance' ?

 Also check cache.log for futher info, with, for instance
 the cpu usage problem.

 M.

> ---
> Pozdraviam
> Przemyslaw Borkowski

-- 
 'Love is truth without any future.
 (M.E. 1997)
Received on Wed Apr 16 2003 - 06:10:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:00 MST