varnishlog should not run as root
Bug #461593 reported by
Tv
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
varnish (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: varnish
varnish 2.0.3-2 in ubuntu 9.04 runs varnishlog as root. This is unnecessary and just makes the whole system vulnerable to bugs in varnishlogs parsing of e.g. HTTP header fields. varnish.deb should create a system user and run varnishlog under this user account.
Related branches
To post a comment you must log in.
Thanks,
I agree it should not run as root. I'll add an unprivileged user for varnishlog.