oss-sec mailing list archives
Re: Re: Varnish - no CVE == bug regression
From: "Poul-Henning Kamp" <phk () phk freebsd dk>
Date: Wed, 09 Jul 2014 06:13:38 +0000
In message <CACYkhxgfcOr=sXxUmsT8VctvHHqN-tJnxa4cKrV9nS0OrccZ0A () mail gmail com>, Michael Samuel w rites:
So just to clarify: On 9 July 2014 05:55, Poul-Henning Kamp <phk () phk freebsd dk> wrote:param.show auto_restart 200 132 auto_restart Value is: on [bool] (default) Default is: on Restart child process automatically if it dies.Does this mean that the parent holds the accept() socket open, so if a worker dies (eg. due to the client injecting a header into it's own connection) only that connection is affected?
No, a restart shuts all connections. The master process' job is to hold the configured stated and start/stop the worker process. As part of the startup the socket is opened & bound, but the master does not have anything to do with client sockets. This is mainly a security decision: The master must be involatile. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk () FreeBSD ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Current thread:
- Re: Varnish - no CVE == bug regression, (continued)
- Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Seth Arnold (Jul 03)
- Re: Varnish - no CVE == bug regression Sven Kieske (Jul 04)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 05)
- Re: Varnish - no CVE == bug regression cve-assign (Jul 08)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Michael Samuel (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Michael Samuel (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 09)