Yes, I read that. But is there any conceptual implication to having port 80 accessible only by root?
This looks to be very arbitrary, no?

Alexandre


On 2 Dec 2008, at 18:59, Janko Mivšek wrote:



Alexandre Bergel wrote:

Unix blocks port 1 - 1024 for non root users. Running a Smalltalk
image as root is obviously a very bad idea, especially when used for
web services. Smalltalk is full of security holes (for example Object
class>>#readFrom: uses the compiler) that would allow a smart person
to gain root rights. It is always a good idea to run anything that is
publicly reachable in some sort of a sandbox, even if this is just by
using a non-privileged user.
Hi Lukas,
I read the thread you mentioned. Isn't it feasible to make port 80 accessible to a non-root process? This is probably hardcoded in the kernel, but since this problem has been around for years in most communities, why not fix this in the kernel?
Just a very naive question :-)

From the recent thread on squeak-dev you can see that we actually came to a solution for how to run on port 80 without being root. The solution is what Apache does: start as root, then drop the privilege level to a normal user.

[squeak-dev] smalltalk and Web stuff
http://www.nabble.com/-squeak-dev--smalltalk-and-Web-stuff-td20643881.html

Best regards
Janko


--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si

_______________________________________________
Pharo-project mailing list
[email protected]
http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-project


--
_,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:
Alexandre Bergel  http://www.bergel.eu
^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;._,.;:~^~:;.





