path: root/t/issue_67.t
Commit message | Author | Age | Files | Lines
* Find perl via /usr/bin/env instead of directly | David CARLIER | 2022-08-25 | 1 | -1/+1
  At least FreeBSD has perl in /usr/local/bin/perl and no symlink by default.
* t/issue_67: default UDP port is 0 (off) | Vadim Pushtaev | 2018-06-27 | 1 | -6/+19
* disable UDP port by default [1.5.6] | dormando | 2018-02-27 | 1 | -2/+2
  As reported, UDP amplification attacks have started to use insecure internet-exposed memcached instances. UDP used to be a lot more popular as a transport for memcached many years ago, but I'm not aware of many recent users.
  Ten years ago, the TCP connection overhead from many clients was relatively high (dozens or hundreds per client server), but these days many clients are batched, or use fewer processes, or simply aren't worried about it.
  While changing the default to listen on localhost only would also help, the true culprit is UDP. There are many more use cases for using memcached over the network than there are for using the UDP protocol.
* extstore: don't start with UDP support | dormando | 2017-11-28 | 1 | -2/+2
  also fixes a bug where setting -U 0 would disable TCP automatically... and vice versa.
* Add drop_privileges() for Linux | Stanisław Pitucha | 2017-08-23 | 1 | -0/+4
  Implement an aggressive version of drop_privileges(). Additionally add similar initialization function for threads drop_worker_privileges(). This version is similar to Solaris one and prohibits memcached from making any not approved syscalls. Current list narrows down the allowed calls to socket sends/recvs, accept, epoll handling, futex (and dependencies - mmap), getrusage (for stats), and signal / exit handling.
  Any incorrect behaviour will result in EACCES returned. This should be restricted further to KILL in the future (after more testing). The feature is only tested for i386 and x86_64. It depends on bpf filters and seccomp enabled in the kernel. It also requires libseccomp for abstraction to seccomp filters. All are available since Linux 3.5.
  Seccomp filtering can be enabled at compile time with --enable-seccomp. In case of local customisations which require more rights, memcached allows disabling drop_privileges() with "-o no_drop_privileges" at startup.
  Tests have to run with "-o relaxed_privileges", since they require disk access after the tests complete. This adds a few allowed syscalls, but does not disable the protection system completely.
* Allow all tests to run as root | dormando | 2011-11-09 | 1 | -1/+3
  All the other tests did... just this one didn't. You really shouldn't build this thing as root.
* TCP and UDP ports should follow each other. bug67 | Dustin Sallings | 2009-10-30 | 1 | -0/+84