> Yes: Protect the directory you specify with the -n argument.

Ah, okay, thanks. Is that just created with the umask of root or something on startup? Maybe the docs for varnishd should mention this? I tried searching for various terms "permissions", "security", etc. in the docs

> I presume you also bothered to read the vendor response?

Of course.  I was just pointing out the related thread.

Maybe a wiki page on varnish-cache.org on securing varnish would be useful here. It could contain the thing about the file permissions above, a short discussion of the CLI, etc. That would help, and couldn't hurt.

The Husqvarna analogy is slightly flawed since most people can't run

yum install husqvarna

and have one magically appear at their feet, gassed and ready to go.  :)

Chris



On 2010/07/12 01:37, Poul-Henning Kamp wrote:
> In message <[email protected]>, Chris Hecker writes:
>
>> It looks like all users can access the log shared memory for varnishd
>> (so they can run varnishlog, varnishstat, varnishncsa, etc.).  Is there
>> a way to prevent that?  It's not a huge priority for my current setup,
>> but I was just surprised.
>
> Yes: Protect the directory you specify with the -n argument.
>
>> I noticed there was a thread about the vcl.load interface on
>> securityfocus as well:
>>
>> http://www.securityfocus.com/archive/1/510360
>
> I presume you also bothered to read the vendor response?


_______________________________________________
varnish-misc mailing list
[email protected]
http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
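
An added example, not part of the thread and not code from the Varnish project: a read-only audit of the advice above, checking whether users outside the owner and group can enter the directory passed to `varnishd -n` and which files in it they could then read. The function names and the path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a varnishd -n directory.
# audit_workdir and other_bits are constructed names, not Varnish tools.

# Print the three "other" permission characters of PATH, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_workdir DIR
#   returns 0: others cannot enter DIR, or nothing in it is world-readable
#   returns 1: others can enter DIR and at least one file is world-readable
#   returns 2: DIR is not a directory
# Parent directories are not checked; a restrictive parent also blocks access.
audit_workdir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    bits=$(other_bits "$dir")
    case $bits in
        ??[xt]) ;;   # x, or t (sticky + x): others may traverse
        *)
            echo "protected: others have '$bits' on $dir"
            return 0 ;;
    esac
    # Directory is traversable, so per-file modes decide what leaks.
    readable=$(find "$dir" -type f -perm -004 -print)
    if [ -n "$readable" ]; then
        echo "exposed: others have '$bits' on $dir and can read:"
        echo "$readable" | sed 's/^/  /'
        return 1
    fi
    echo "traversable, but no world-readable files in $dir"
    return 0
}

# Usage: sh audit.sh /path/given/to/varnishd-n   (path is a placeholder)
[ $# -eq 0 ] || audit_workdir "$1"
```

Removing "other" access from the directory is enough to get the protected result even when the files inside stay mode 644; any account that should still run varnishlog or varnishstat then needs to be the owner or in the directory's group.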