Drop SUID priveleges when running RunnersRegistry actions.

Before the patch, Squid created shared memory segments as root and
workers failed to attach to it as non-root.

diff --git a/src/main.cc b/src/main.cc
index a526290b7b4afebb8b3a83fefee5db3a626b4813..b9aa4ba84754d0b87394c7a1f63c61e0d92e16e4 100644 (file)
--- a/src/main.cc
+++ b/src/main.cc
@@ -1430,7 +1430,9 @@ SquidMain(int argc, char **argv)
     }
 
     debugs(1,2, HERE << "Doing post-config initialization\n");
+    leave_suid();
     ActivateRegistered(rrAfterConfig);
+    enter_suid();
 
     if (!opt_no_daemon && Config.workers > 0)
         watch_child(argv);
@@ -1796,7 +1798,9 @@ syslog(LOG_NOTICE, "XXX: will start %d kids", (int)TheKids.count());
 #endif
 
         if (!TheKids.someRunning() && !TheKids.shouldRestartSome()) {
+            leave_suid();
             DeactivateRegistered(rrAfterConfig);
+            enter_suid();
 
             if (TheKids.someSignaled(SIGINT) || TheKids.someSignaled(SIGTERM)) {
                 syslog(LOG_ALERT, "Exiting due to unexpected forced shutdown");