[squeak-dev] smalltalk and Web stuff

Janko Mivšek janko.mivsek at eranova.si
Sun Nov 23 22:41:28 UTC 2008


Hi Richie,

I tried your code and it works nicely, thanks a lot! All I need now is 
to prepare an automatic procedure for Swazoo to start its HTTP servers 
on ports below 1024 then immediately drop the root privilege.

The only unsolved question that remains is how to add a server on a new IP or port 
without restarting the whole image as root. I need to temporarily log in 
the image as root, then log out. Can I do that through libc too?

Janko


Janko Mivšek wrote:
> Gerardo Richarte wrote:
> 
>>     Another, probably more integrated idea, would be to drop privs from
>> squeak after binding to port 80... and probably chrooting to another
>> place. How? Here I've attached a quick (5 minutes) interface to libc
>> that'll let you do it. I tested it on Linux, and had to play tricks with
>> libc.so so squeak finds it (I symlinked libs.so.6 (actually libc-2.7.so)
>> to /usr/lib/squeak/3.9-8/libc.so [sudo ln -s /lib/libc-2.7.so
>> /usr/lib/squeak/3.9-8/libc.so]).
>>
>>     Then, after importing the attached class, you can start playing with
>> things like:
>>
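>> libc := Libc new.
>> libc chroot: '/tmp'. " disable changes file logging before doing it "
>> " drop the group IDs first: once the user IDs are dropped, changing groups is no longer permitted "
>> libc setrgid: 1000 egid: 1000 sgid: 1000.
>> libc setruid: 1000 euid: 1000 suid: 1000.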
>>
>> with that, you are clear on this front. Again, I don't think this is the
>> solution,
>> the 'evaluate:' example Klaus sent earlier is for me the most clear 
>> danger,
>> more than binary bugs in external libraries (although those are also
>> problems)
> 
> This is a solution I just contemplated during past hours and it is used 
> by Apache as well, AFAIK. Very elegant one and from your code seems 
> simple enough. Let me try by myself ..
> 
> Janko
> 
> 

-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
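
The bind, chroot, then drop sequence discussed in this thread, written directly against libc in C as an added example (not code from the thread or from Swazoo). The function names are made up for illustration; port 80, `/tmp` and ID 1000 are the values quoted above.

```c
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() in glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen while still privileged. Returns the socket or -1. */
int bind_listener(unsigned short port) {
    struct sockaddr_in a = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become uid/gid; 0 on success, -1 on any failure. Groups go
   first: after the UID drop they can no longer be changed. Called as root,
   setgid()/setuid() set the real, effective and saved IDs together. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* shed root's extra groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be recoverable */
    return 0;
}

/* Startup order: bind, jail (NULL skips it; chdir keeps cwd inside), drop. */
int start_server(unsigned short port, const char *jail, uid_t uid, gid_t gid) {
    int fd = bind_listener(port);
    if (fd < 0) return -1;
    if ((jail && (chroot(jail) != 0 || chdir("/") != 0)) || drop_privileges(uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd; /* still bound to the port, now held by an unprivileged process */
}

int main(void) {
    int fd = start_server(80, "/tmp", 1000, 1000); /* port, jail and IDs as in the thread */
    if (fd < 0) { fprintf(stderr, "start_server failed\n"); return 1; }
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```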


