Sat Nov 27 01:25:28 CET 1999
Modified Files in squid
	configure configure.in 
Modified Files in squid/include
	autoconf.h.in 
Modified Files in squid/src
	cf.data.pre main.c structs.h tools.c 

Merged squid-2.2.STABLE5.chroot.patch

Added squid.conf chroot directive for making Squid chroot itself when
starting up. This also makes Squid permanently drop any root privilegies
(requirement when chrooting, or there is not much of a point in chroot)

Index: squid/configure
diff -u squid/configure:1.1.1.36.2.3 squid/configure:1.1.1.36.2.5
--- squid/configure:1.1.1.36.2.3	Sun Oct 31 00:11:07 1999
+++ squid/configure	Sat Nov 27 01:27:38 1999
@@ -4259,6 +4259,7 @@
 	res_init \
 	rint \
 	seteuid \
+	setgroups \
 	setpgrp \
 	setrlimit \
 	getrlimit \
Index: squid/configure.in
diff -u squid/configure.in:1.1.1.38.2.3 squid/configure.in:1.1.1.38.2.4
--- squid/configure.in:1.1.1.38.2.3	Sat Oct 30 22:51:41 1999
+++ squid/configure.in	Sat Nov 27 01:25:20 1999
@@ -984,6 +984,7 @@
 	res_init \
 	rint \
 	seteuid \
+	setgroups \
 	setpgrp \
 	setrlimit \
 	getrlimit \
Index: squid/include/autoconf.h.in
diff -u squid/include/autoconf.h.in:1.1.1.31.2.3 squid/include/autoconf.h.in:1.1.1.31.2.4
--- squid/include/autoconf.h.in:1.1.1.31.2.3	Sun Oct 31 00:11:16 1999
+++ squid/include/autoconf.h.in	Sat Nov 27 01:25:25 1999
@@ -379,6 +379,9 @@
 /* Define if you have the seteuid function.  */
 #undef HAVE_SETEUID
 
+/* Define if you have the setgroups function.  */
+#undef HAVE_SETGROUPS
+
 /* Define if you have the setpgrp function.  */
 #undef HAVE_SETPGRP
 
Index: squid/src/cf.data.pre
diff -u squid/src/cf.data.pre:1.1.1.41.2.5 squid/src/cf.data.pre:1.1.1.41.2.6
--- squid/src/cf.data.pre:1.1.1.41.2.5	Mon Nov 22 22:40:53 1999
+++ squid/src/cf.data.pre	Sat Nov 27 01:25:26 1999
@@ -3179,5 +3179,15 @@
 digest_rebuild_chunk_percentage 10
 DOC_END
 
+NAME: chroot
+TYPE: string
+LOC: Config.chroot_dir
+DEFAULT: none
+DOC_START
+	Use this to have Squid do a chroot() while initializing. This also
+	causes Squid to fully drop root privilegies after initializing
+	(with the side effect that HTTP connections using low port numbers
+	can't be reopened after a reconfigure)
+DOC_END
 EOF
 
Index: squid/src/main.c
diff -u squid/src/main.c:1.1.1.36.2.3 squid/src/main.c:1.1.1.36.2.4
--- squid/src/main.c:1.1.1.36.2.3	Sat Oct 30 22:48:25 1999
+++ squid/src/main.c	Sat Nov 27 01:25:26 1999
@@ -435,6 +435,10 @@
 static void
 mainInitialize(void)
 {
+    /* chroot if configured to run inside chroot */
+    if (Config.chroot_dir && chroot(Config.chroot_dir)) {
+	fatal("failed to chroot");
+    }
     if (opt_catch_signals) {
 	squid_signal(SIGSEGV, death, SA_NODEFER | SA_RESETHAND);
 	squid_signal(SIGBUS, death, SA_NODEFER | SA_RESETHAND);
@@ -515,6 +519,9 @@
 	else
 	    debug(1, 1) ("ICP port disabled in httpd_accelerator mode\n");
     }
+    if (Config.chroot_dir) {
+	no_suid();
+    }
     if (!configured_once)
 	writePidFile();		/* write PID file */
 
@@ -625,10 +632,18 @@
 
     /* send signal to running copy and exit */
     if (opt_send_signal != -1) {
+	/* chroot if configured to run inside chroot */
+	if (Config.chroot_dir && chroot(Config.chroot_dir)) {
+	    fatal("failed to chroot");
+	}
 	sendSignal();
 	/* NOTREACHED */
     }
     if (opt_create_swap_dirs) {
+	/* chroot if configured to run inside chroot */
+	if (Config.chroot_dir && chroot(Config.chroot_dir)) {
+	    fatal("failed to chroot");
+	}
 	setEffectiveUser();
 	debug(0, 0) ("Creating Swap Directories\n");
 	storeCreateSwapDirectories();
Index: squid/src/structs.h
diff -u squid/src/structs.h:1.1.1.42.2.5 squid/src/structs.h:1.1.1.42.2.6
--- squid/src/structs.h:1.1.1.42.2.5	Sat Oct 30 22:27:52 1999
+++ squid/src/structs.h	Sat Nov 27 01:25:27 1999
@@ -478,6 +478,7 @@
 #endif
     HttpHeaderMask anonymize_headers;
     char *coredump_dir;
+    char *chroot_dir;
 #if USE_CACHE_DIGESTS
     struct {
 	int bits_per_entry;
Index: squid/src/tools.c
diff -u squid/src/tools.c:1.1.1.26 squid/src/tools.c:1.1.1.26.2.1
--- squid/src/tools.c:1.1.1.26	Sat Oct 30 13:25:21 1999
+++ squid/src/tools.c	Sat Nov 27 01:25:27 1999
@@ -479,6 +479,7 @@
 {
     struct passwd *pwd = NULL;
     struct group *grp = NULL;
+    gid_t gid;
     debug(21, 3) ("leave_suid: PID %d called\n", getpid());
     if (geteuid() != 0)
 	return;
@@ -488,12 +489,15 @@
     if ((pwd = getpwnam(Config.effectiveUser)) == NULL)
 	return;
     if (Config.effectiveGroup && (grp = getgrnam(Config.effectiveGroup))) {
-	if (setgid(grp->gr_gid) < 0)
-	    debug(50, 1) ("leave_suid: setgid: %s\n", xstrerror());
+	gid = grp->gr_gid;
     } else {
-	if (setgid(pwd->pw_gid) < 0)
-	    debug(50, 1) ("leave_suid: setgid: %s\n", xstrerror());
+	gid = pwd->pw_gid;
     }
+#if HAVE_SETGROUPS
+    setgroups(1,&gid);
+#endif
+    if (setgid(gid) < 0)
+	debug(50, 1) ("leave_suid: setgid: %s\n", xstrerror());
     debug(21, 3) ("leave_suid: PID %d giving up root, becoming '%s'\n",
 	getpid(), pwd->pw_name);
 #if HAVE_SETRESUID