There seems to be a problem when I pasted it in gmail. Here's a link to the git diff:
http://devio.us/~loganaden/memcached.git.diff //Logan C-x-C-c Esokia Webagency On Sat, Aug 7, 2010 at 6:30 PM, Loganaden Velvindron <[email protected]>wrote: > Here's a git-diff. > > It disables remote debug & cachedump support. > > Feedback is welcomed. > > It works fine on our server since this morning. > Sorry for not having posted this earlier. > > //Logan > C-x-C-c > Esokia Web Agency > http://www.esokia-webagency.com/ > > diff --git a/memcached.c b/memcached.c > index 750c8b3..eb0343f 100644 > --- a/memcached.c > +++ b/memcached.c > @@ -2336,8 +2336,7 @@ inline static void process_stats_detail(conn *c, > const char *command) { > assert(c != NULL); > > if (strcmp(command, "on") == 0) { > - settings.detail_enabled = 1; > - out_string(c, "OK"); > + out_string(c, "Remote debug support disabled"); > } > else if (strcmp(command, "off") == 0) { > settings.detail_enabled = 0; 
> @@ -2469,27 +2468,7 @@ static void process_stat(conn *c, token_t *tokens, > const size_t ntokens) { > } else if (strcmp(subcommand, "settings") == 0) { > process_stat_settings(&append_stats, c); > } else if (strcmp(subcommand, "cachedump") == 0) { > - char *buf; > - unsigned int bytes, id, limit = 0; > - > - if (ntokens < 5) { > - out_string(c, "CLIENT_ERROR bad command line"); > - return; > - } > - > - if (!safe_strtoul(tokens[2].value, &id) || > - !safe_strtoul(tokens[3].value, &limit)) { > - out_string(c, "CLIENT_ERROR bad command line format"); > - return; > - } > - > - if (id >= POWER_LARGEST) { > - out_string(c, "CLIENT_ERROR Illegal slab id"); > - return; > - } > - > - buf = item_cachedump(id, limit, &bytes); > - write_and_free(c, buf, bytes); > + out_string(c, "Cachedump disabled"); > return ; > } else { > /* getting here means that the subcommand is either engine > specific or > > > > On Sat, Aug 7, 2010 at 6:24 PM, Henrik Schröder <[email protected]> wrote: > >> What do you mean "at startup"? I click "start service" in my service >> control panel, and then... where would that warning be displayed? >> >> Seriously though, there are many ways to solve this problem, binding to >> private IPs is one way to do it, but not necessarily the best way, and >> definitely not the only way. If you run memcached you should realize that >> there's no security whatsoever on it, and leaving it open to the internet at >> large is a pretty stupid idea. How to best secure it depends greatly on the >> local circumstances, and that is not something memcached itself should start >> second-guessing the local admins about. >> >> >> /Henrik >> >> >> On Sat, Aug 7, 2010 at 14:09, samwyse <[email protected]> wrote: >> >>> I've just now suggested this on Slashdot: At startup, issue a big >>> multi-line warning if the IP addresses that are getting bound aren't >>> on the loopback address or a private internet. 
The private internets are defined in RFC 1918 as:
>>>
>>> 10.0.0.0 - 10.255.255.255 (10/8 prefix)
>>> 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
>>> 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
>>>
>
> --
> `` Real men run current !''

--
`` Real men run current !''
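
Review bot: in process_stats_detail, the new reply for "on", out_string(c, "Remote debug support disabled"), is a free-form string with no status prefix, while the refusals elsewhere in this file use the "CLIENT_ERROR ..." form (see the lines removed in the cachedump hunk), so a client that expects "OK" or an error-prefixed line cannot classify it. Consider an error-prefixed reply here. The "off" branch still writes settings.detail_enabled = 0 and is left untouched, which is harmless but leaves the command half-supported; refusing the whole subcommand the same way, or gating both branches on one setting, would be more consistent.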
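
Review bot: in process_stat, the cachedump branch is now refused unconditionally at compile time, with no setting or command-line switch, so an operator who relies on "stats cachedump" from a trusted host loses it along with everyone else. A flag in settings (next to detail_enabled) that leaves the command off unless enabled would keep the hardening while leaving a way back. The reply "Cachedump disabled" also drops the "CLIENT_ERROR" prefix that the removed lines used, and if this was the only caller, item_cachedump() is left as dead code that should be removed or mentioned in the commit message.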
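
The startup check samwyse proposes, sketched in C as an added example (not memcached code and not written by anyone in this thread). The function names are hypothetical, only IPv4 is handled, and an address that does not parse as IPv4 is assumed to deserve the warning too.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if addr is loopback (127/8) or inside an RFC 1918 range,
 * 0 for any other IPv4 address (including 0.0.0.0, all interfaces),
 * and -1 if the string is not a dotted-quad IPv4 address. */
int bind_addr_is_private(const char *addr)
{
    struct in_addr in;
    uint32_t ip;

    if (inet_pton(AF_INET, addr, &in) != 1)
        return -1;
    ip = ntohl(in.s_addr);              /* compare in host byte order */

    if ((ip & 0xff000000u) == 0x7f000000u) return 1;  /* 127.0.0.0/8    */
    if ((ip & 0xff000000u) == 0x0a000000u) return 1;  /* 10/8           */
    if ((ip & 0xfff00000u) == 0xac100000u) return 1;  /* 172.16/12      */
    if ((ip & 0xffff0000u) == 0xc0a80000u) return 1;  /* 192.168/16     */
    return 0;
}

/* Warns on stderr for every bind address that is not known to be
 * loopback or private; returns how many warnings were issued. */
int warn_on_public_binds(const char *const *addrs, int n)
{
    int warned = 0;
    for (int i = 0; i < n; i++) {
        if (bind_addr_is_private(addrs[i]) != 1) {
            fprintf(stderr, "WARNING: listening on %s, which is not "
                    "loopback or an RFC 1918 private address\n", addrs[i]);
            warned++;
        }
    }
    return warned;
}

int main(void)
{
    /* Constructed sample bind addresses, not taken from the thread. */
    const char *const addrs[] = { "127.0.0.1", "10.1.2.3", "172.31.255.255",
                                  "172.32.0.1", "0.0.0.0", "203.0.113.7" };
    int n = (int)(sizeof addrs / sizeof addrs[0]);
    printf("%d of %d bind addresses warned\n",
           warn_on_public_binds(addrs, n), n);
    return 0;
}
```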
