[Varnish] #738: New functionality: loading a compiled VCL SO library file at boot

Varnish varnish-bugs at varnish-cache.org
Wed Aug 4 17:54:39 CEST 2010


#738: New functionality: loading a compiled VCL SO library file at boot
-------------------------+--------------------------------------------------
 Reporter:  jdzst        |        Owner:  phk    
     Type:  enhancement  |       Status:  closed 
 Priority:  low          |    Milestone:         
Component:  varnishd     |      Version:         
 Severity:  normal       |   Resolution:  wontfix
 Keywords:               |  
-------------------------+--------------------------------------------------
Changes (by phk):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 Sorry, but I am not going to adopt this idea.

 The main argument against is that this opens us up to major version-skew
 between the precompiled VCL and varnishd and that is far more trouble
 catching, than the benefits you list.

 As for attackers executing your c-compiler:  To do that, your CLI is must
 be compromised and that is the barrier you really should defend.

-- 
Ticket URL: <http://www.varnish-cache.org/ticket/738#comment:1>
Varnish <http://varnish-cache.org/>
The Varnish HTTP Accelerator




More information about the varnish-bugs mailing list