varnish security
Chris Hecker
checker at d6.com
Mon Jul 12 11:01:42 CEST 2010
> Yes: Protect the directory you specify with the -n argument.

Ah, okay, thanks. Is that just created with the umask of root or
something on startup? Maybe the docs for varnishd should mention this?
I tried searching for various terms "permissions", "security", etc. in
the docs

> I presume you also bothered to read the vendor response ?

Of course. I was just pointing out the related thread.

Maybe a wiki page on varnish-cache.org on securing varnish would be
useful here. It could contain the thing about the file permissions
above, a short discussion of the CLI, etc. That would help, and
couldn't hurt.

The Husqvarna analogy is slightly flawed since most people can't run

    yum install husqvarna

and have one magically appear at their feet, gassed and ready to go. :)

Chris

On 2010/07/12 01:37, Poul-Henning Kamp wrote:
> In message<4C3AD22C.6010709 at d6.com>, Chris Hecker writes:
>
>> It looks like all users can access the log shared memory for varnishd
>> (so they can run varnishlog, varnishstat, varnishncsa, etc.). Is there
>> a way to prevent that? It's not a huge priority for my current setup,
>> but I was just surprised.
>
> Yes: Protect the directory you specify with the -n argument.
>
>> I noticed there was a thread about the vcl.load interface on
>> securityfocus as well:
>>
>> http://www.securityfocus.com/archive/1/510360
>
> I presume you also bothered to read the vendor response ?
>
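
The advice quoted above (protect the directory given to -n), as an added example that is not part of the thread or of Varnish itself: a POSIX shell check for whether accounts outside the owner and group can reach that directory, plus a chmod that closes it. The temporary directory and the file name shm.sample are constructed, and the sketch assumes that every account with a legitimate need for the directory gets in through the owner or group bits.

```shell
#!/bin/sh
# Added example: audit "other" access on the directory passed to varnishd -n.
# All paths here are constructed; substitute the real -n directory.

# Exit 0 if users outside owner/group can traverse (x) or list (r) the directory.
other_can_enter() {
    [ -n "$(find "$1" -prune \( -perm -001 -o -perm -004 \) -print)" ]
}

# Print every entry at or below the directory that carries any "other" bit.
# Useful to see what becomes reachable if the top-level directory is opened.
list_other_accessible() {
    find "$1" \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Remove all "other" access from the top-level directory only. Owner and
# group bits are left alone (assumption: legitimate users rely on them).
lock_down() {
    chmod o-rwx "$1"
}

# Constructed demonstration on a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"                       # world-enterable, as in the question
    : > "$d/shm.sample"                  # constructed stand-in for the log file
    chmod 644 "$d/shm.sample"
    if other_can_enter "$d"; then echo "before: open to all local users"; fi
    lock_down "$d"
    if ! other_can_enter "$d"; then echo "after: closed to other users"; fi
    # The file keeps mode 644 but is unreachable while the directory is closed.
    echo "entries still carrying other bits:"
    list_other_accessible "$d"
    rm -rf "$d"
}

demo
```

Anything list_other_accessible still reports after the lock-down is shielded only by the directory's own mode, so it is worth re-running the check after varnishd restarts or the directory is recreated.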