[Varnish] #738: New functionality: loading a compiled VCL SO library file at boot
Varnish
varnish-bugs at varnish-cache.org
Wed Aug 4 17:54:39 CEST 2010
#738: New functionality: loading a compiled VCL SO library file at boot
-------------------------+--------------------------------------------------
Reporter: jdzst | Owner: phk
Type: enhancement | Status: closed
Priority: low | Milestone:
Component: varnishd | Version:
Severity: normal | Resolution: wontfix
Keywords: |
-------------------------+--------------------------------------------------
Changes (by phk):
* status: new => closed
* resolution: => wontfix
Comment:
Sorry, but I am not going to adopt this idea.
The main argument against is that this opens us up to major version-skew
between the precompiled VCL and varnishd and that is far more trouble
catching, than the benefits you list.
As for attackers executing your c-compiler: To do that, your CLI is must
be compromised and that is the barrier you really should defend.
--
Ticket URL: <http://www.varnish-cache.org/ticket/738#comment:1>
Varnish <http://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list