[Security] Run Squid container as non-root user #250
Description
Priority
Medium
Description
The Squid container currently runs as root initially, which increases the impact of potential container escapes or vulnerabilities in Squid itself.
Impact
- Severity: Medium
- Attack Vector: Squid vulnerability or container escape with root privileges
- Risk: Greater system compromise if Squid is compromised
Proposed Solution
Configure Squid to run as a non-root user from the start:
- Use USER directive in Dockerfile
- Ensure proper permissions for Squid directories
- Update entrypoint script if needed
Effort Estimate
~3 hours
References
- Source: Daily Security Review Discussion [Security Review] Daily Security Review - January 16, 2026 #228
- Location:
containers/squid/Dockerfile
Metadata
Metadata
Labels
Type
Fields
Give feedbackNo fields configured for issues without a type.