[Varnish] #260: varnishd pid file is created with too restrictive file mode
Varnish
varnish-bugs at projects.linpro.no
Tue Jun 24 13:32:54 CEST 2008
#260: varnishd pid file is created with too restrictive file mode
----------------------+-----------------------------------------------------
Reporter: hans | Owner: phk
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
varnishd creates its pid file with the file mode 0600, which is too
restrictive. If one really wants to conceal the pid that a varnishd runs
under, it is easy to put the pid file into a directory that is world-
unreadable or use a proper umask. The other way round, this problem is
impossible to fix. We need to check whether varnishd runs using a non-
privileged process and we don't want that process to have elevated
privilege just to read the varnishd pid file. The fix is trivial, patch
attached.
--
Ticket URL: <http://varnish.projects.linpro.no/ticket/260>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list