Re: Unprivileged user?

2008-04-16 Thread Stig Sandbeck Mathisen
On Wed, 16 Apr 2008 06:56:37 +, "Poul-Henning Kamp" <[EMAIL PROTECTED]> said: > In message <[EMAIL PROTECTED]>, Stig Sandbeck Mathisen writes: >> * Read access to where you store your VCL files > No, the vcl files are read by the master process which does not drop > privilege. >> * Execut

Re: Unprivileged user?

2008-04-16 Thread Dag-Erling Smørgrav
"Poul-Henning Kamp" <[EMAIL PROTECTED]> writes: > "Michael S. Fischer" <[EMAIL PROTECTED]> writes: > > I'm not saying that they would; I'm just saying that you can't count > > on user 'nobody' having the precise role that a security-conscious > > sysadmin would want. > Which is why there is a -u ar

Re: Unprivileged user?

2008-04-16 Thread Dag-Erling Smørgrav
"Poul-Henning Kamp" <[EMAIL PROTECTED]> writes: > Stig Sandbeck Mathisen <[EMAIL PROTECTED]> writes: > > After it has dropped root privileges, it needs at least: > > > > * Open new network connections (no problem unless you use MAC or a > > uid-matching firewall) > No, it accepts them only. wron

Re: Unprivileged user?

2008-04-16 Thread Michael S. Fischer
On Tue, Apr 15, 2008 at 11:53 PM, Poul-Henning Kamp <[EMAIL PROTECTED]> wrote: > In message <[EMAIL PROTECTED]>, "Michael S. Fischer" writes: > > >> Varnish for instance assumes that the administrator is not a total > >> madman, who would do something as patently stupid as you propose >

Re: Current stable version?

2008-04-16 Thread Dag-Erling Smørgrav
Gaute Amundsen <[EMAIL PROTECTED]> writes: > we are currently running varnish-1.0.4-3el4.i386.rpm > ( with a small patch ) 1.1.2 has been out for, eh, four months now... DES -- Dag-Erling Smørgrav Senior Software Developer Linpro AS - www.linpro.no ___

Re: Unprivileged user?

2008-04-16 Thread Anders Nordby
Hi, On Tue, Apr 15, 2008 at 07:35:20AM +, Poul-Henning Kamp wrote: >>Assuming that "nobody" is an available user on your system, then is >>the "-u user" option for varnishd superfluous? > Yes. > > You can confirm the uid nobody is used with the ps(1) command. I disagree. Suppose you have

Re: Unprivileged user?

2008-04-16 Thread Poul-Henning Kamp
In message <[EMAIL PROTECTED]>, Per Andreas Buer writes: >Poul-Henning Kamp wrote: >>> * Open new network connections (no problem unless you use MAC or a >>> uid-matching firewall) >> >> No, it accepts them only. > >Does the privileged process talk to the origin servers? No. -- Poul-Henning

RE: Re: Error compiling last revision from trunk

2008-04-16 Thread duja
>Sorry, I forgot to submit this change, done now. Thank you ;) ___ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc

Re: Error compiling last revision from trunk

2008-04-16 Thread Poul-Henning Kamp
In message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] writes: >>this should be SIZE_MAX. > >Could you fix this please? Sorry, I forgot to submit this change, done now. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | B

Error compiling last revision from trunk

2008-04-16 Thread duja
>this should be SIZE_MAX. Could you fix this please? Or can I make Subversion download a specific revision? / Erik

Re: Unprivileged user?

2008-04-16 Thread Per Andreas Buer
Poul-Henning Kamp wrote: > In message <[EMAIL PROTECTED]>, Stig Sandbeck Mathisen writes: >> On Tue, 15 Apr 2008 00:01:17 -0700, Ricardo Newbery <[EMAIL PROTECTED]> said: >> >>> In Varnish, does the less-privileged user need access to anything? >> After it has dropped root privileges, it needs at l