| Commit message (Collapse) | Author | Age | Files | Lines |
At least FreeBSD has perl in /usr/local/bin/perl and no symlink by
default.

As reported, UDP amplification attacks have started to use insecure
internet-exposed memcached instances. UDP used to be a lot more popular as a
transport for memcached many years ago, but I'm not aware of many recent
users.

Ten years ago, the TCP connection overhead from many clients was relatively
high (dozens or hundreds per client server), but these days many clients are
batched, or use fewer processes, or simply aren't worried about it.

While changing the default to listen on localhost only would also help, the
true culprit is UDP. There are many more use cases for using memcached over
the network than there are for using the UDP protocol.

also fixes a bug where setting -U 0 would disable TCP automatically...
and vice versa.

Implement an aggressive version of drop_privileges(). Additionally add
a similar initialization function for threads, drop_worker_privileges().
This version is similar to the Solaris one and prohibits memcached from
making any not approved syscalls. The current list narrows down the allowed
calls to socket sends/recvs, accept, epoll handling, futex (and
dependencies - mmap), getrusage (for stats), and signal / exit
handling.

Any incorrect behaviour will result in EACCES being returned. This should be
restricted further to KILL in the future (after more testing).

The feature is only tested for i386 and x86_64. It depends on bpf
filters and seccomp enabled in the kernel. It also requires libseccomp
for abstraction to seccomp filters. All are available since Linux 3.5.
Seccomp filtering can be enabled at compile time with --enable-seccomp.
In case of local customisations which require more rights, memcached
allows disabling drop_privileges() with "-o no_drop_privileges" at
startup.

Tests have to run with "-o relaxed_privileges", since they require
disk access after the tests complete. This adds a few allowed syscalls,
but does not disable the protection system completely.

All the other tests did... just this one didn't. You really shouldn't build
this thing as root.