varnish security
Poul-Henning Kamp
phk at phk.freebsd.dk
Mon Jul 12 10:37:23 CEST 2010
In message <4C3AD22C.6010709 at d6.com>, Chris Hecker writes:
>It looks like all users can access the log shared memory for varnishd
>(so they can run varnishlog, varnishstat, varnishncsa, etc.). Is there
>a way to prevent that? It's not a huge priority for my current setup,
>but I was just surprised.
Yes: Protect the directory you specify with the -n argument.
>I noticed there was a thread about the vcl.load interface on
>securityfocus as well:
>
>http://www.securityfocus.com/archive/1/510360
I presume you also bothered to read the vendor response?
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
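
Added example (not part of the original message and not Varnish project code): one way to check and tighten the directory named with -n, as the reply above suggests. The directory path and the optional group name are supplied by the caller and are assumptions; no Varnish default path is implied.

```shell
#!/bin/sh
# Added example. "$1" stands for the directory given to varnishd -n.

# Print the directory and each direct entry in it that grants any
# permission bit to "other". Prints nothing when all of them are private.
world_accessible() {
    dir=$1
    for p in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$p" ] || continue          # unmatched glob pattern
        [ -L "$p" ] && continue          # symlink modes are not meaningful
        # ls -ld prints e.g. "drwxr-x---"; characters 8-10 are the "other" bits.
        other=$(ls -ld "$p" | cut -c8-10)
        [ "$other" = "---" ] || printf '%s\n' "$p"
    done
    return 0
}

# Remove all "other" access from the directory and everything under it.
# If a group name is given (hypothetical, chosen by the administrator),
# hand the tree to that group so its members can still run the log tools.
restrict_workdir() {
    dir=$1
    group=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if [ -n "$group" ]; then
        chgrp -R "$group" "$dir" || return 1
    fi
    chmod -R o-rwx "$dir"
}
```

Once "other" has no search bit on the directory, files created in it later are not reachable by path for those users, whatever the files' own modes are.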