CVE-2019-12522
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0.
This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
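A check for the state described above, as an added example (not Squid's code and not part of the original advisory): on Linux it reads the Uid: line of /proc/<pid>/status and reports whether a process running as a non-root user still holds real or saved UID 0. The function and struct names are this example's own.

```c
#include <stdio.h>
#include <string.h>

struct uid_set { unsigned ruid, euid, suid, fsuid; }; /* order used by /proc */

/* Parse the "Uid:" line from the text of /proc/<pid>/status.
 * Returns 0 on success, -1 if the line is missing or malformed. */
int parse_status_uids(const char *status, struct uid_set *out)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%u %u %u %u", &out->ruid, &out->euid,
                          &out->suid, &out->fsuid) == 4 ? 0 : -1;
        p = strchr(p, '\n');          /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* The process runs unprivileged (euid != 0) but its real or saved UID is
 * still 0, so the privilege drop is temporary rather than permanent. */
int drop_is_reversible(const struct uid_set *u)
{
    return u->euid != 0 && (u->ruid == 0 || u->suid == 0);
}

/* Audit a live process: 1 = reversible drop, 0 = not, -1 = cannot read. */
int audit_pid(long pid)
{
    char path[64], buf[4096];
    struct uid_set u;
    snprintf(path, sizeof path, "/proc/%ld/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_status_uids(buf, &u) == 0 ? drop_is_reversible(&u) : -1;
}

int main(int argc, char **argv)
{
    long pid;
    if (argc != 2 || sscanf(argv[1], "%ld", &pid) != 1)
        return 2;                     /* usage: prog <pid> */
    int r = audit_pid(pid);
    puts(r == 1 ? "reversible drop: real or saved UID is 0" :
         r == 0 ? "ok" : "cannot read process status");
    return r == 0 ? 0 : 1;
}
```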
MEDIUM · CVSS 4.5
EPSS 0.0018
Monitor
- No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence
Sigma rules: 0
YARA rules: 0