My question was more: how can the VM be fixed? :)
Stef
On Dec 2, 2008, at 10:00 PM, Lukas Renggli wrote:
I was rereading our excellent forthcoming Seaside book :)
*lol*
And Lukas wrote
"To listen on port 80, the standard port used by the HTTP protocol, the
web server needs to run as root. Running a public service as root is
a huge security issue. Dedicated web servers such as Apache drop
their root privileges after startup. This allows them to listen to port
80 while not being root. Unfortunately this is not something that can
be easily done from within the Smalltalk VM."
And I was wondering what is the exact problem?
Unix blocks port 1 - 1024 for non-root users. Running a Smalltalk
image as root is obviously a very bad idea, especially when used for
web services. Smalltalk is full of security holes (for example Object
class>>#readFrom: uses the compiler) that would allow a smart person
to gain root rights. It is always a good idea to run anything that is
publicly reachable in some sort of a sandbox, even if this is just by
using a non-privileged user.
Cheers,
Lukas
--
Lukas Renggli
http://www.lukas-renggli.ch
_______________________________________________
Pharo-project mailing list
[email protected]
http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project