[experimental-ims] 45a408b update -r description

Poul-Henning Kamp phk at FreeBSD.org
Thu Dec 18 10:27:47 CET 2014


commit 45a408b8185b3be93a9fd53ca543d1fbbda5592f
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Wed Jun 13 08:39:27 2012 +0000

    update -r description

diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index 805e012..48ebdc8 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -110,14 +110,13 @@ OPTIONS
             documents.  This is a shortcut for specifying the
             default_ttl run-time parameter.
 
--r param[,param...]  
-            Specifies a list of parameters that are read only. This
-            gives the system administrator a way to limit what someone
-            with access to the Varnish CLI can do. In a very secure
-            environment you want to consider setting parameters such
-            as *user*, *group*, *cc_command*, *vcc_allow_inline_c* to
-            read only as these can potentially be used to escalate
-            privileges.
+-r param[,param...]
+            Make the listed parameters read only. This gives the
+            system administrator a way to limit what the Varnish CLI can do.
+            Consider making parameters such as *user*, *group*, *cc_command*,
+            *vcc_allow_inline_c* read only as these can potentially be used
+            to escalate privileges from the CLI.
+            Protecting *listen_address* may also be a good idea.
 
 -u user     Specifies the name of an unprivileged user to which the child
             process should switch before it starts accepting



More information about the varnish-commit mailing list