oss-sec mailing list archives

Re: Re: Varnish - no CVE == bug regression


From: "Poul-Henning Kamp" <phk () phk freebsd dk>
Date: Wed, 09 Jul 2014 06:13:38 +0000

In message <CACYkhxgfcOr=sXxUmsT8VctvHHqN-tJnxa4cKrV9nS0OrccZ0A () mail gmail com>, Michael Samuel writes:
So just to clarify:

On 9 July 2014 05:55, Poul-Henning Kamp <phk () phk freebsd dk> wrote:
        param.show auto_restart
        200 132
        auto_restart
                Value is: on [bool] (default)
                Default is: on

                Restart child process automatically if it dies.

Does this mean that the parent holds the accept() socket open, so if a worker
dies (e.g. due to the client injecting a header into its own connection) only
that connection is affected?

No, a restart shuts all connections.

The master process' job is to hold the configured state and start/stop
the worker process.  As part of the startup the socket is opened & bound,
but the master does not have anything to do with client sockets.  This
is mainly a security decision:  The master must be involatile.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk () FreeBSD ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
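
A small model of the process split described in the reply above, added here as an illustration and not taken from Varnish or from the message: a master that binds the listener and only supervises, and a forked worker that owns every client socket, so one crash closes all connections before the restart. The function names, the `crash` request and the loopback listener are constructed for the example, and it assumes a POSIX system and that the master keeps the bound socket open across restarts.

```python
import os
import signal
import socket

def worker(listener):
    """Child: the only process that calls accept() or holds client sockets."""
    clients = []
    try:
        while True:
            conn, _ = listener.accept()
            clients.append(conn)            # keep-alive: connection stays open
            if conn.recv(64) == b"crash":   # constructed stand-in for a fatal bug
                os._exit(1)                 # kernel closes every client fd
            conn.sendall(b"ok")
    finally:
        os._exit(1)                         # never return into the master's code

def start_worker(listener):
    """Master side: fork a worker that inherits the already-bound listener."""
    pid = os.fork()
    if pid == 0:
        worker(listener)
    return pid

def request(addr, payload):
    """Client: connect, send one request, return (socket, first reply)."""
    sock = socket.create_connection(addr, timeout=5)
    sock.sendall(payload)
    return sock, sock.recv(64)

def demo():
    # Master: bind once at startup (assumption: kept open across restarts).
    listener = socket.create_server(("127.0.0.1", 0))  # ephemeral loopback port
    addr = listener.getsockname()
    pid = start_worker(listener)
    idle, first = request(addr, b"hello")     # unrelated, well-behaved client
    bad, bad_reply = request(addr, b"crash")  # this request kills the worker
    _, status = os.waitpid(pid, 0)            # master sees the child die
    idle_closed = idle.recv(64) == b""        # the unrelated connection is gone too
    pid2 = start_worker(listener)             # what auto_restart does
    fresh, again = request(addr, b"hello")    # same port, new worker answers
    os.kill(pid2, signal.SIGKILL)
    os.waitpid(pid2, 0)
    for sock in (idle, bad, fresh, listener):
        sock.close()
    return {"first": first, "bad_reply": bad_reply, "idle_closed": idle_closed,
            "worker_exit": os.WEXITSTATUS(status), "after_restart": again}

if __name__ == "__main__":
    print(demo())
```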

