Alexandre Bergel wrote:

Unix blocks ports 1 - 1024 for non-root users. Running a Smalltalk
image as root is obviously a very bad idea, especially when used for
web services. Smalltalk is full of security holes (for example Object
class>>#readFrom: uses the compiler) that would allow a smart person
to gain root rights. It is always a good idea to run anything that is
publicly reachable in some sort of a sandbox, even if this is just by
using a non-privileged user.

Hi Lukas,

I read the thread you mentioned. Isn't it feasible to make port 80 accessible for a non-root process? This is probably hardcoded in the kernel, but since this problem has been around for years in most communities, why not fix this in the kernel?
Just a very naive question :-)

From a recent thread on squeak-dev you can see that we actually came to a solution for how to run on port 80 without being root. And the solution is what Apache is doing: starting as root, then dropping the privilege level to a normal user.

[squeak-dev] smalltalk and Web stuff
http://www.nabble.com/-squeak-dev--smalltalk-and-Web-stuff-td20643881.html

Best regards
Janko


--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si

_______________________________________________
Pharo-project mailing list
Pharo-project@lists.gforge.inria.fr
http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project
