[Varnish] #260: varnishd pid file is created with too restrictive file mode

Varnish varnish-bugs at projects.linpro.no
Tue Jun 24 13:32:54 CEST 2008


#260: varnishd pid file is created with too restrictive file mode
----------------------+-----------------------------------------------------
 Reporter:  hans      |       Owner:  phk  
     Type:  defect    |      Status:  new  
 Priority:  normal    |   Milestone:       
Component:  varnishd  |     Version:  trunk
 Severity:  normal    |    Keywords:       
----------------------+-----------------------------------------------------
 varnishd creates its pid file with the file mode 0600, which is too
 restrictive.  If one really wants to conceal the pid that a varnishd runs
 under, it is easy to put the pid file into a directory that is world-
 unreadable or use a proper umask.  The other way round, this problem is
 impossible to fix.  We need to check whether varnishd runs using a non-
 privileged process and we don't want that process to have elevated
 privilege just to read the varnishd pid file.  The fix is trivial, patch
 attached.

-- 
Ticket URL: <http://varnish.projects.linpro.no/ticket/260>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator


More information about the varnish-bugs mailing list