Mailing List Archive

[master] 19a9743 -r option for read only parameters
commit 19a97432827c29a6fdc63101494ca72b109c8df2
Author: Per Buer <>
Date: Mon Apr 30 09:48:56 2012 +0200

-r option for read only parameters

diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index f0647b3..b75bbb0 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -23,7 +23,7 @@ varnishd [-a address[:port]] [-b host[:port]] [-d] [-F] [-f config]
[-g group] [-h type[,options]] [-i identity]
[-l shmlogsize] [-n name] [-P file] [-p param=value]
[-s type[,options]] [-T address[:port]] [-t ttl]
- [-u user] [-V]
+ [-r param[,param...]] [-u user] [-V]

@@ -110,6 +110,13 @@ OPTIONS
documents. This is a shortcut for specifying the
default_ttl run-time parameter.

+-r param[,param...]
+ Specifies a list of parameters that are read only. In a
+ very secure environment you want to consider setting
+ parameters such as *user*, *group*, *cc_command*,
+ *vcc_allow_inline_c* to read only as these can potentially
+ be used to escalate privileges.
-u user Specifies the name of an unprivileged user to which the child
process should switch before it starts accepting
connections. This is a shortcut for specifying the user

varnish-commit mailing list