On 21/02/2014, at 7:48 AM, srean wrote: > > I know chroot, thinking from the point of view of a Felix user. Most web > servers have this feature.
Yes, but it doesn't work. All you need is a link to escape. In any case flx_web is specifically designed as a programmers web server. It has to escape the web root because it hyperlinks #include <stdlib.h> so it has to be able to see into the specified C_PATH. The code which does this sort of thing is not in the main part of the webserver. It's in the plugin that translates C. And you have to be able to see into your current project to show the files there, and you live in $HOME not under $FLX_INSTALL_DIR. So you see, flx_web is not your usual webserver. Its a personal web server. Specifically designed for programmers. And it's built out of arbitrary dynamically linkable plugins (although the current flx_web never does any plugin loading, for easy of deployment). To restrict file access on Linux there are other techniques. One is to make a Fuse like file mapper and hook every I/O command in Felix to remap filenames. Which you can work around in any piece of code by writing a C binding to fopen. They say C gives you a gun so you can shoot yourself in the foot. I reckon C++ gives you a machine gun to make sure you don't miss. Felix gives you a tactical nuke so you can take your head off too. -- john skaller skal...@users.sourceforge.net http://felix-lang.org ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk _______________________________________________ Felix-language mailing list Felix-language@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/felix-language
