Date: Wed, 09 Jul 2014 06:13:38 +0000
From: "Poul-Henning Kamp" <phk@....freebsd.dk>
To: Michael Samuel <mik@...net.net>
cc: oss-security@...ts.openwall.com
Subject: Re: Re: Varnish - no CVE == bug regression

In message <CACYkhxgfcOr=sXxUmsT8VctvHHqN-tJnxa4cKrV9nS0OrccZ0A@...l.gmail.com>, Michael Samuel writes:
>So just to clarify:
>
>On 9 July 2014 05:55, Poul-Henning Kamp <phk@....freebsd.dk> wrote:
>>         param.show auto_restart
>>         200 132
>>         auto_restart
>>                 Value is: on [bool] (default)
>>                 Default is: on
>>
>>                 Restart child process automatically if it dies.
>
>Does this mean that the parent holds the accept() socket open, so if a worker
>dies (eg. due to the client injecting a header into its own connection) only
>that connection is affected?

No, a restart shuts all connections.

The master process' job is to hold the configured state and start/stop
the worker process.  As part of the startup the socket is opened & bound,
but the master does not have anything to do with client sockets.  This
is mainly a security decision:  The master must be involatile.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@...eBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
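
A sketch of the process model described in this message, added here as an illustration; it is not Varnish code and not part of the original post. One process plays both the master and the test clients, and the function names, the loopback socket and the `abort()` crash are assumptions made for the demonstration.

```c
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Worker: the only process that calls accept(), so it alone owns client fds. */
static void worker(int lsock, int nconn, int crash) {
    int c[8];
    for (int i = 0; i < nconn; i++)
        if ((c[i] = accept(lsock, NULL, NULL)) < 0) _exit(1);
    if (crash) abort();            /* stand-in for a fatal error in the child */
    for (int i = 0; i < nconn; i++)
        if (write(c[i], "K", 1) != 1) _exit(1);
    _exit(0);
}
/* Master side: fork a worker that inherits the already-bound listen socket. */
static pid_t start_worker(int lsock, int nconn, int crash) {
    pid_t pid = fork();
    if (pid == 0) worker(lsock, nconn, crash);
    return pid;
}
/* Constructed test client: connect to the listen address on loopback. */
static int client(const struct sockaddr_in *a) {
    int s = socket(AF_INET, SOCK_STREAM, 0);
    return connect(s, (const struct sockaddr *)a, sizeof *a) == 0 ? s : -1;
}
/* 1 if the crash closed every client connection and a restarted worker
 * served a new client on the same listen socket, else 0. */
int restart_drops_all_connections(void) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof a;
    int st, lsock = socket(AF_INET, SOCK_STREAM, 0);
    char b = 0;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks */
    if (bind(lsock, (struct sockaddr *)&a, len) || listen(lsock, 8)) return 0;
    getsockname(lsock, (struct sockaddr *)&a, &len);
    pid_t pid = start_worker(lsock, 2, 1);        /* generation 1 crashes */
    int c1 = client(&a), c2 = client(&a);
    if (pid < 0 || c1 < 0 || c2 < 0) return 0;
    waitpid(pid, &st, 0);                         /* master sees the death */
    int dropped = WIFSIGNALED(st) && read(c1, &b, 1) <= 0 && read(c2, &b, 1) <= 0;
    pid = start_worker(lsock, 1, 0);              /* the restart step */
    int c3 = client(&a);
    int served = c3 >= 0 && read(c3, &b, 1) == 1 && b == 'K';
    waitpid(pid, &st, 0);
    return dropped && served;
}

int main(void) { return restart_drops_all_connections() ? 0 : 1; }
```

Both connections held by the first worker see end-of-file once it dies, while the listen socket, which the master opened and bound, stays usable for the replacement worker.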
