trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan-Frode Myklebust <janfr...@tanso.net>
Subject Re: why is trafficserver touching it's config at restart?
Date Sun, 10 Mar 2013 11:42:45 GMT
On Sun, Mar 10, 2013 at 12:01:27PM +0100, Reindl Harald wrote:
> why is trafficcserver doing this?
> 
> i had as example empty lines between the config blocks
> to make the file more readable which are gone and
> generally dislike this _1 files and touching my config

Very much agree. I manage the *.config files trough puppet, and every
time puppet changes something, ATS will make one additional changes to
the files (possibly only change timestamps), and cause a second service
reload.

Daemons shouldn't have write access to it's configuration files, as
that opens them to attacks. A remote file write vulnerability as the
ATS-user is automatically a remote root shell since it can f.ex. change
the proxy.config.proxy_binary in records.config...

Unfortunately I don't expect this to change.. since ATS includes some
cluster management where the configuration is supposed to be replicated
between the nodes..



  -jf

Mime
View raw message