I've implemented these two features today, and because of some
synergy between them, I ended up not using Kacper's patch for the
"./" stuff, but I did use his VTC.  Big Thanks!

I believe this is backwards compatible, except for "./" now having
a special meaning.

There is one weird and one reasonable corner case.

The weird one is that a "-f vclfile" argument is opened and read
with command-line privs, but the includes in that file are resolved
using the VCC privs which could be a fair bit lower, so the
includes may in fact not be readable.

The reasonable one is that if the -f argument is not an absolute
filename, including "./" relative to it will error out.


vcc_unsafe_path now bans any '/' in filenames inside VCL (ie:
'include ...' and 'import ... from ...')

I'm wondering if that check should really be ".." instead (more
precisely: '^../' or '/../').  Input?


I made it possible to do

        import std from "/some/dir/";

If the filename ends in '/' the default .so filename will
automatically be appended.


Finally, note that with the path functionality, you can do things
like:

        param.set vcl_dir "/something:/foo/bar:/other"

        include "foopkg/bar.vcl";

And get hold of the file "/foo/bar/foopkg/bar.vcl".

This is intentional.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
p...@freebsd.org         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
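
The two candidate filename checks raised in the mail (ban any '/' versus ban only ".."), side by side, as an added example that is not part of the original message and is not Varnish's code. The function names and sample filenames are constructed for illustration; the ".." check here matches whole path components, which generalizes the '^../' and '/../' patterns to also cover a trailing "/..".

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Policy A (as described in the mail): reject any '/' in the name. */
static bool has_slash(const char *name)
{
    return strchr(name, '/') != NULL;
}

/* Policy B (the alternative asked about): reject only ".." components.
 * Matching whole components also rejects a trailing "/..", which the
 * '^../' and '/../' patterns alone would not match. */
static bool has_dotdot_component(const char *name)
{
    const char *p = name;

    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        p += len;
        while (*p == '/')               /* skip separator(s) */
            p++;
    }
    return false;
}

/* Constructed sample names, not taken from the Varnish test suite. */
static const char *const samples[] = {
    "bar.vcl", "foopkg/bar.vcl", "../bar.vcl", "foopkg/../../bar.vcl",
    "foopkg/..", "..bar.vcl", "/abs/bar.vcl",
};

int main(void)
{
    printf("%-24s %-10s %s\n", "name", "any '/'", "'..' component");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %-10s %s\n", samples[i],
            has_slash(samples[i]) ? "reject" : "allow",
            has_dotdot_component(samples[i]) ? "reject" : "allow");
    return 0;
}
```

The policies differ on "foopkg/bar.vcl" and on "/abs/bar.vcl": the '/' ban rejects both, while the ".." check lets both through, so under the ".." check absolute names would need their own handling.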

_______________________________________________
varnish-dev mailing list
varnish-dev@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
