Date: Wed, 9 Jul 2014 16:40:26 +1000
From: Michael Samuel <>
To: Poul-Henning Kamp <>
Subject: Re: Re: Varnish - no CVE == bug regression

On 9 July 2014 16:13, Poul-Henning Kamp <> wrote:
> No, a restart shuts all connections.
> The master process' job is to hold the configured state and start/stop
> the worker process.  As part of the startup the socket is opened & bound,
> but the master does not have anything to do with client sockets.  This
> is mainly a security decision:  The master must be involatile.

I'm not disagreeing with that decision (which obviously has its own
merits), but if that's the case then this is a low-risk, low impact DoS.

A CVE assignment will trigger out-of-band patches for distros that might
not do so otherwise.  Surely you agree that this is desirable?

