[Apologies if this belongs on varnish-dev; this list seemed much more
active.]
This patch came about from observations in tickets #512 and #518.
The attached patch creates a backend flag to change the initial health
of backends upon varnishd startup:
backend foo {
.initial_health
When looking at /proc/map info for varnish threads, I'm seeing the
following allocations in numbers that essentially match the child count:
40111000 8192K rw---[ anon ]
And this at almost double the child count:
7f4d5790 1024K rw---[ anon ]
For example, for 64
]] Ken Brownfield
| When looking at /proc/map info for varnish threads, I'm seeing the
| following allocations in numbers that essentially match the child count:
|
| 40111000 8192K rw---[ anon ]
Looks like the default stack size.
| And this at almost double the child count:
|
I would guess that Varnish isn't affected by this, but does anyone know
for sure? Does Varnish protect against this attack in all cases if you
have Apache as your backend?
http://isc.sans.org/diary.html?storyid=6601
Many thanks,
Nick.
___
In message 4a3ba393.3010...@loman.net, Nick Loman writes:
I would guess that Varnish isn't affected by this, but does anyone know
for sure? Does Varnish protect against this attack in all cases if you
have Apache as your backend?
http://isc.sans.org/diary.html?storyid=6601
Varnish will abandon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Poul-Henning Kamp wrote:
Systems using http accept filters (FreeBSD possibly others) the Varnish
(or apache) will never even see these connections in the first place.
Does this basically mean that in these uncertain times where kiddiots
DoS
On Jun 19, 2009, at 7:15 AM, Tollef Fog Heen wrote:
| 40111000 8192K rw---[ anon ]
Looks like the default stack size.
Ah, of course. Good find, thanks. I'm thinking it might be nice to
have a thread track its stack history and emit its approximate largest
size when it's
In message 5c056ae2-7207-42f8-9e4b-0f541dc4b...@slide.com, Ken Brownfield wri
tes:
Would a stack overflow take out the whole child, or just that thread?
The kernel would try to extend the stack and provided you are not on
a 32 bit system, it shouldn't ever have a problem with that.
--