Unprivileged user?
Per Andreas Buer
perbu at linpro.no
Tue Apr 15 08:25:27 CEST 2008
Ricardo Newbery skrev:
> Hmm... maybe I'm missing something but this doesn't seem to answer the
> main question. If, as you seem to imply, Varnish is opening any files
> it needs while it's still "root", then what is the purpose of the "-u
> user" option?
I'm guessing Varnish (like most Unix daemons) opens the file as root and
then drops its privileges. That way, when Varnish deals with the
untrusted data coming from the network it runs as an unprivileged user.
So, I there is a buffer overflow in Varnish, the code won't run with
root privileges.
Per.
More information about the varnish-misc
mailing list