[Pharo-project] about vm dropping privileges

Janko Mivšek janko.mivsek at eranova.si
Fri Dec 5 04:31:24 EST 2008

Stéphane Ducasse wrote:

>     "Dedicated web servers such as Apache drop
>     their root privileges after startup."
> So I was wondering why a SMalltalk VM cannot do the same?

Here is how I managed to do that from a workspace after making a class
LibC  according to recent guidelines from Gerardo Richarte on squeak-dev:

from Workspace:

   "be sure FFI is installed"
   "sudo ln -s /lib/libc-2.3.5.so /usr/local/lib/squeak/3.10-1/libc.so"

   "start Swazoo as root"

   libc := LibC new.
   libc setruid: 1000 euid: 1000 suid: 1000.

   "check that user is no more root"

LibC code:

   Object subclass: #LibC
	instanceVariableNames: ''
	classVariableNames: ''
	poolDictionaries: ''
	category: 'FFI-Unix'

   setruid: realUid euid: effectiveUid suid: savedUid
	<cdecl: long 'setresuid' (long long long) module: 'libc'>
	^ self externalCallFailed

The only problem is the path to libc library, which must be found linked
manually (see sudo ln..). If VM can be modified to use it more directly...

I hope this help a bit.

Best regards

Janko Mivšek
Smalltalk Web Application Server

More information about the Pharo-dev mailing list