Actually I should've explained the practical side of this change for non-devs:
Adding the drop_privileges support ensures that even if someone managed to hack into memcached (for example finding some stack overflow issue), they couldn't do anything apart from messing the the process itself. Can't open files, can't start new connections, can't spawn new processes. Only existing incoming connections are available, which is still some exposure... but not as much. Effectively it has the same effect as applying apparmor / selinux / tomoyo / ... profile to the server, but a) you don't need to install them, b) you don't have to worry about the config, because memcached will apply the rules to itself at startup. If you're loading some interesting extensions into the process, they may be affected! -- --- You received this message because you are subscribed to the Google Groups "memcached" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
