diff -N -c -r -X exclude_files squid-1.0.beta7/src/main.c squid-1.0.beta7.henrik/src/main.c
*** squid-1.0.beta7/src/main.c	Thu May  9 04:32:00 1996
--- squid-1.0.beta7.henrik/src/main.c	Fri May 10 12:52:09 1996
***************
*** 111,117 ****
  void serverConnectionsOpen()
  {
      /* Get our real priviliges */
!     get_suid();
  
      /* Open server ports */
      theAsciiConnection = comm_open(COMM_NONBLOCKING,
--- 111,117 ----
  void serverConnectionsOpen()
  {
      /* Get our real priviliges */
!     enter_suid();
  
      /* Open server ports */
      theAsciiConnection = comm_open(COMM_NONBLOCKING,
***************
*** 148,154 ****
  	}
      }
      /* And restore our priviliges to normal */
!     check_suid();
  }
  
  void serverConnectionsClose()
--- 148,154 ----
  	}
      }
      /* And restore our priviliges to normal */
!     leave_suid();
  }
  
  void serverConnectionsClose()
***************
*** 209,215 ****
      if (ConfigFile == NULL)
  	ConfigFile = xstrdup(DefaultConfigFile);
      parseConfigFile(ConfigFile);
!     check_suid();
  
      if (asciiPortNumOverride > 0)
  	setAsciiPortNum(asciiPortNumOverride);
--- 209,216 ----
      if (ConfigFile == NULL)
  	ConfigFile = xstrdup(DefaultConfigFile);
      parseConfigFile(ConfigFile);
! 
!     leave_suid(); /* Run as non privilegied user */
  
      if (asciiPortNumOverride > 0)
  	setAsciiPortNum(asciiPortNumOverride);
***************
*** 225,231 ****
  
      if (first_time) {
  	disk_init();		/* disk_init must go before ipcache_init() */
! 	writePidFile();		/* write PID file before setuid() */
      }
      ipcache_init();
      neighbors_init();
--- 226,232 ----
  
      if (first_time) {
  	disk_init();		/* disk_init must go before ipcache_init() */
! 	writePidFile();		/* write PID file */
      }
      ipcache_init();
      neighbors_init();
diff -N -c -r -X exclude_files squid-1.0.beta7/src/tools.c squid-1.0.beta7.henrik/src/tools.c
*** squid-1.0.beta7/src/tools.c	Thu May  9 04:32:06 1996
--- squid-1.0.beta7.henrik/src/tools.c	Fri May 10 12:58:30 1996
***************
*** 155,163 ****
  {
      debug(21, 1, "Shutting down...\n");
      if (getPidFilename()) {
! 	get_suid();
  	safeunlink(getPidFilename(), 0);
! 	check_suid();
      }
      storeWriteCleanLog();
      PrintRusage(NULL, debug_log);
--- 155,163 ----
  {
      debug(21, 1, "Shutting down...\n");
      if (getPidFilename()) {
! 	enter_suid();
  	safeunlink(getPidFilename(), 0);
! 	leave_suid();
      }
      storeWriteCleanLog();
      PrintRusage(NULL, debug_log);
***************
*** 306,312 ****
      return (err);
  }
  
! void check_suid()
  {
      struct passwd *pwd = NULL;
      struct group *grp = NULL;
--- 306,317 ----
      return (err);
  }
  
! /* leave a privilegied section. (Give up any privilegies)
!  * Routines that need privilegies can rap themselves in enter_suid()
!  * and leave_suid()
!  * To give upp all posibilites to gain privilegies use no_suid()
!  */
! void leave_suid()
  {
      struct passwd *pwd = NULL;
      struct group *grp = NULL;
***************
*** 331,337 ****
  #endif
  }
  
! void get_suid()
  {
  #if HAVE_SETRESUID
      setresuid(-1, 0, -1);
--- 336,343 ----
  #endif
  }
  
! /* Enter a privilegied section */
! void enter_suid()
  {
  #if HAVE_SETRESUID
      setresuid(-1, 0, -1);
***************
*** 340,349 ****
  #endif
  }
  
  void no_suid()
  {
      uid_t uid;
!     check_suid();
      uid = geteuid();
  #if HAVE_SETRESUID
      setresuid(uid, uid, uid);
--- 346,358 ----
  #endif
  }
  
+ /* Give up the posibility to gain privilegies.
+  * this should be used before starting a sub process
+  */
  void no_suid()
  {
      uid_t uid;
!     leave_suid();
      uid = geteuid();
  #if HAVE_SETRESUID
      setresuid(uid, uid, uid);
***************
*** 358,363 ****
--- 367,373 ----
      FILE *pid_fp = NULL;
      char *f = NULL;
  
+     enter_suid();
      if ((f = getPidFilename()) == NULL)
  	return;
      if ((pid_fp = fopen(f, "w")) == NULL) {
***************
*** 367,372 ****
--- 377,383 ----
      }
      fprintf(pid_fp, "%d\n", (int) getpid());
      fclose(pid_fp);
+     leave_suid();
  }
  
  
diff -N -c -r -X exclude_files squid-1.0.beta7/src/tools.h squid-1.0.beta7.henrik/src/tools.h
*** squid-1.0.beta7/src/tools.h	Thu May  9 04:32:06 1996
--- squid-1.0.beta7.henrik/src/tools.h	Fri May 10 12:50:22 1996
***************
*** 10,17 ****
  extern void rotate_logs _PARAMS((int sig));
  extern void shut_down _PARAMS((int sig));
  extern void sig_child _PARAMS((int sig));
! extern void check_suid _PARAMS((void));
! extern void get_suid _PARAMS((void));
  extern void no_suid _PARAMS((void));
  extern void writePidFile _PARAMS((void));
  extern void setMaxFD _PARAMS((void));
--- 10,17 ----
  extern void rotate_logs _PARAMS((int sig));
  extern void shut_down _PARAMS((int sig));
  extern void sig_child _PARAMS((int sig));
! extern void leave_suid _PARAMS((void));
! extern void enter_suid _PARAMS((void));
  extern void no_suid _PARAMS((void));
  extern void writePidFile _PARAMS((void));
  extern void setMaxFD _PARAMS((void));