[Vm-dev] gitorious / smallharbour question

laurent laffont laurent.laffont at gmail.com
Tue Aug 16 18:50:28 UTC 2011


Laurent Laffont - @lolgzs <http://twitter.com/#!/lolgzs>

Pharo Smalltalk Screencasts: http://www.pharocasts.com/
Blog: http://magaloma.blogspot.com/
Developer group: http://cara74.seasidehosting.st



On Tue, Aug 16, 2011 at 6:46 PM, Igor Stasenko <siguctua at gmail.com> wrote:

>
> On 16 August 2011 16:42, laurent laffont <laurent.laffont at gmail.com>
> wrote:
> >
> > Hi,
> >
> > for SmallHarbour I've cloned cogvm/blessed and then added security patches
> > from SeasideHosting. See
> > - https://gitorious.org/~laurentlaffont/cogvm/smallharbour
> > - https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3
> >
> > What's the best way to stay synchronized with cogvm/blessed commits ?
>
> First you need to add blessed as a remote repository:
>
> git remote add blessed git://gitorious.org/cogvm/blessed.git
>
> Then you can simply pull changes to your branch:
>
> git pull blessed
>
> and it will merge changes automatically (of course, if there are no
> conflicts).
>
> And then
>
> git push
>
> to push updates to your own repository.
>
> > Is it interesting to adapt this patch for integration in cogvm/blessed ?
>
> Absolutely. All contributions are welcome :)
>
> > Is this patch good ?
> >
>
> I am a bit out of context. Where can I read a description of what you did?
>



First, the changes are quite small, originally made by Nestyle (I suppose)
for SeasideHosting.
This introduces the use of environment variables to restrict filesystem and
port access. For example, we don't want the hosted image to be able to access
/etc/passwd or another account's files. We don't want 2 images to use the
same port.

So this patch reads these environment variables:

export SQUEAK_PORT_LO=16400
export SQUEAK_PORT_HI=16407
export SQUEAK_ROOT_DIR="/service/myaccount/files"

so only ports between 16400 and 16407 can be opened, and only
/service/myaccount/files can be read/written.

Note that in the patch port 25 (SMTP) is always accessible.

This is very specific to SeasideHosting/SmallHarbour, so I don't think the
patch should be applied as it is now in cogvm/blessed, but having such
functionality in the VM would be nice IMO.


The commit is here - quite easy to read:
https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3

Laurent.




>
>
> > Laurent Laffont - @lolgzs
> >
> > Pharo Smalltalk Screencasts: http://www.pharocasts.com/
> > Blog: http://magaloma.blogspot.com/
> > Developer group: http://cara74.seasidehosting.st
> >
> >
>
>
>
> --
> Best regards,
> Igor Stasenko AKA sig.
>
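
The restriction described in the message above, sketched in C as an added example; it is not the SeasideHosting/SmallHarbour patch, which is not reproduced on this page. Only the three variable names and the port 25 exception come from the message; `struct sandbox`, `sandbox_init`, `port_allowed` and `path_allowed` are hypothetical names, and rejecting missing or malformed values is an assumption of this sketch.

```c
#include <stdlib.h>
#include <string.h>
struct sandbox { long lo, hi; char root[1024]; };  /* hypothetical policy type */

/* Lexical normalisation only ("//", ".", ".."); symlinks are NOT resolved,
   so a real VM would also need realpath() or openat()-style resolution. */
static int normalize(const char *in, char *out, size_t cap) {
    size_t n = 0, len;
    if (in == NULL || in[0] != '/') return -1;    /* unset or relative */
    for (; *in; in += len) {
        while (*in == '/') in++;
        len = strcspn(in, "/");
        if (len == 2 && in[0] == '.' && in[1] == '.') {
            while (n > 0 && out[--n] != '/') { }   /* drop last component */
        } else if (len > 0 && !(len == 1 && in[0] == '.')) {
            if (n + len + 2 > cap) return -1;
            out[n++] = '/';
            memcpy(out + n, in, len);
            n += len;
        }
    }
    if (n == 0) out[n++] = '/';
    out[n] = '\0';
    return 0;
}

static long parse_port(const char *s) {
    char *end;
    long v = s ? strtol(s, &end, 10) : -1;
    return (s && end != s && *end == '\0' && v >= 1 && v <= 65535) ? v : -1;
}

/* Takes the getenv() values of SQUEAK_PORT_LO, SQUEAK_PORT_HI, SQUEAK_ROOT_DIR.
   Returns -1 if any is missing or malformed; the caller must then deny all. */
int sandbox_init(struct sandbox *sb, const char *lo, const char *hi, const char *root) {
    sb->lo = parse_port(lo);
    sb->hi = parse_port(hi);
    return (sb->lo < 0 || sb->hi < sb->lo) ? -1 : normalize(root, sb->root, sizeof sb->root);
}

/* Port 25 is always allowed, as the message says the patch does. */
int port_allowed(const struct sandbox *sb, long port) {
    return port == 25 || (port >= sb->lo && port <= sb->hi);
}

/* Component boundary check: ".../files2" must not match root ".../files". */
int path_allowed(const struct sandbox *sb, const char *path) {
    char p[1024];
    size_t rl = strlen(sb->root);
    if (normalize(path, p, sizeof p) != 0) return 0;
    return strncmp(p, sb->root, rl) == 0 && (rl == 1 || p[rl] == '/' || p[rl] == '\0');
}
```

A plain prefix comparison on the raw path would accept both `/service/myaccount/files/../../other/x` and `/service/myaccount/files2/x`; normalising first and requiring a component boundary rejects both.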