[squeak-dev] smalltalk and Web stuff

Janko Mivšek janko.mivsek at eranova.si
Sun Nov 23 18:00:49 UTC 2008


Gerardo Richarte wrote:

>     Another, probably more integrated idea, would be to drop privs from
> squeak after binding to port 80... and probably chrooting to another
> place. How? Here I've attached a quick (5 minutes) interface to libc
> that'll let you do it. I tested it on Linux, and had to play tricks with
> libc.so so squeak finds it (I symlinked libc.so.6 (actually libc-2.7.so)
> to /usr/lib/squeak/3.9-8/libc.so [sudo ln -s /lib/libc-2.7.so
> /usr/lib/squeak/3.9-8/libc.so]).
> 
>     Then, after importing the attached class, you can start playing with
> things like:
> 
> libc := Libc new.
> libc chroot: '/tmp'. " disable changes file logging before doing it "
> " drop the group ids first: once the uid is 1000, changing gids is no longer permitted "
> libc setrgid: 1000 egid: 1000 sgid: 1000.
> libc setruid: 1000 euid: 1000 suid: 1000.
> 
> With that, you are clear on this front. Again, I don't think this is the
> solution,
> the 'evaluate:' example Klaus sent earlier is for me the most clear danger,
> more than binary bugs in external libraries (although those are also
> problems).

This is a solution I have just been contemplating during the past hours, and
it is used by Apache as well, AFAIK. A very elegant one, and from your code it
seems simple enough. Let me try it myself...

Janko


-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
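
The sequence discussed above (bind to port 80, chroot, then drop the ids), as an added C example that is not part of the original thread or of the attached Libc class. The uid/gid 1000 and the /tmp jail are taken from the quoted snippet; the function names are hypothetical, and the example assumes Linux with glibc.

```c
#define _DEFAULT_SOURCE          /* chroot(2) and setgroups(2) on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Confirm the process runs as uid/gid and cannot get root back.
 * Returns 0 when the drop is complete, -1 otherwise. */
int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* A leftover saved uid of 0 would let one of these calls succeed. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return 0;
}

/* Call as root, after bind(). The order matters:
 *   1. chroot + chdir, while the process may still chroot
 *   2. supplementary groups, then gid, while still root
 *   3. uid last, because after it none of the above is permitted
 * When called by root, setgid/setuid set real, effective and saved ids. */
int drop_privileges(uid_t uid, gid_t gid, const char *jail)
{
    if (chroot(jail) != 0 || chdir("/") != 0) { perror("chroot");    return -1; }
    if (setgroups(0, NULL) != 0)              { perror("setgroups"); return -1; }
    if (setgid(gid) != 0)                     { perror("setgid");    return -1; }
    if (setuid(uid) != 0)                     { perror("setuid");    return -1; }
    return verify_dropped(uid, gid);
}

/* Open the listening socket; ports below 1024 need root. Returns fd or -1. */
int bind_port(unsigned short port)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0 && (bind(fd, (struct sockaddr *)&a, sizeof a) != 0 || listen(fd, 16) != 0)) { close(fd); fd = -1; }
    return fd;
}

int main(void)
{
    int fd = bind_port(80);   /* the socket stays usable after the drop */
    if (fd < 0 || drop_privileges(1000, 1000, "/tmp") != 0) return 1;
    printf("listening on fd %d as uid %d inside the jail\n", fd, (int)getuid());
    return 0;
}
```

The `chdir("/")` right after `chroot()` matters: without it the working directory still points outside the jail.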


