[master] 82f2f25d2 About trusting backends a bit less

Poul-Henning Kamp phk at FreeBSD.org
Wed Aug 10 08:49:06 UTC 2022


commit 82f2f25d289c4737adc72f0d34846af91f1b64e0
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Wed Aug 10 08:48:18 2022 +0000

    About trusting backends a bit less

diff --git a/doc/sphinx/phk/barriers.rst b/doc/sphinx/phk/barriers.rst
index cc2728b92..794e57e36 100644
--- a/doc/sphinx/phk/barriers.rst
+++ b/doc/sphinx/phk/barriers.rst
@@ -14,7 +14,9 @@ if you find yourself thinking "Why did he do _that_ ? the answer has to
 do with security.
 
 The Varnish security model is based on some very crude but easy to understand
-barriers between the various components::
+barriers between the various components:
+
+.. code-block:: text
 
                 .-->- provides ->---------------------------------------.
                 |                                          |            |
diff --git a/doc/sphinx/phk/index.rst b/doc/sphinx/phk/index.rst
index c0374116c..f7ccde00d 100644
--- a/doc/sphinx/phk/index.rst
+++ b/doc/sphinx/phk/index.rst
@@ -13,6 +13,7 @@ You may or may not want to know what Poul-Henning thinks.
 .. toctree::
 	:maxdepth: 1
 
+	routine.rst
 	503aroundtheworld.rst
 	legacy.rst
 	ip_address.rst
diff --git a/doc/sphinx/phk/routine.rst b/doc/sphinx/phk/routine.rst
new file mode 100644
index 000000000..8cd776ce0
--- /dev/null
+++ b/doc/sphinx/phk/routine.rst
@@ -0,0 +1,42 @@
+..
+	Copyright (c) 2022 Varnish Software AS
+	SPDX-License-Identifier: BSD-2-Clause
+	See LICENSE file for full text of license
+
+.. _phk_routine:
+
+========================
+Getting into the routine
+========================
+
+Yesterday we released `VSV00009 </security/VSV00009.html>`_, a pretty
+harmless DoS from the backend side, which could trivially be mitigated
+in VCL.
+
+By now handling security issues seem to have become routine for the
+project, which is good, because that is the world we live in, and 
+bad, because we live in a world where that is a necessary skill.
+
+From the very start of the project, we have treated backends
+as "trusted", in the sense that a lot of nasty stuff we try to handle
+from clients got "dont do that then" treatment from the backend.
+
+That was back when "cloud" were called "mainframes" and "containers"
+were called "jails", way back when CDNs were only for companies
+with more money than skill.
+
+Part of the reasoning was also maximizing compatibility.
+
+Backends were a lot more - let us call it "heterogenous" - back
+then.  Some of them were literally kludges nailed to the side of
+legacy newspaper production systems, and sometimes it was obvious
+that they had not heard about RFCs.
+
+For the problem we fixed yesterday, one line of VCL took care of
+the problem, but that is not guaranteed to always be the case.
+
+These days the "web" is a lot more regimented, and expecting
+standards-compliance from backends makes sense, so we will
+tighten the screws in that department as an ongoing activity.
+
+Poul-Henning, 2022-08-05


More information about the varnish-commit mailing list