[Pharo-project] about vm dropping privileges

Janko Mivšek janko.mivsek at eranova.si
Fri Dec 5 04:31:24 EST 2008


Stéphane Ducasse wrote:

>     "Dedicated web servers such as Apache drop
>     their root privileges after startup."
> 
> So I was wondering why a Smalltalk VM cannot do the same?

Here is how I managed to do that from a workspace after making a class
LibC according to recent guidelines from Gerardo Richarte on squeak-dev:

from Workspace:

   "be sure FFI is installed"
   "sudo ln -s /lib/libc-2.3.5.so /usr/local/lib/squeak/3.10-1/libc.so"

   "start Swazoo as root"

   libc := LibC new.
   libc setruid: 1000 euid: 1000 suid: 1000.

   "check that the user is no longer root"

LibC code:

   Object subclass: #LibC
	instanceVariableNames: ''
	classVariableNames: ''
	poolDictionaries: ''
	category: 'FFI-Unix'

   ...
   setruid: realUid euid: effectiveUid suid: savedUid
	<cdecl: long 'setresuid' (long long long) module: 'libc'>
	^ self externalCallFailed
   ...

The only problem is the path to libc library, which must be found linked
manually (see sudo ln..). If VM can be modified to use it more directly...

I hope this helps a bit.

Best regards
Janko	


-- 
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si
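
The libc-level sequence behind the setresuid call in the message above, as an added example in C that is not part of the original message or of any Squeak/Pharo code. It goes beyond the single call shown there by also dropping group IDs and verifying the result; the function name drop_privileges and gid 1000 are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc declares these only under _GNU_SOURCE; repeated so the file also
   builds when that macro is not in effect. */
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

/* Permanently switch to uid/gid. Returns 0 on success, -1 with errno set on
   failure; a caller must exit on -1 rather than keep running as root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {        /* "dropping" to root drops nothing */
        errno = EINVAL;
        return -1;
    }
    /* Groups first: once the uid is changed the process may no longer
       alter its groups. setgroups() needs CAP_SETGID, so skip it otherwise. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0) /* real, effective and saved uid */
        return -1;
    /* Verify the result instead of trusting the return codes, and confirm
       that root cannot be regained now that the saved uid is cleared. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid ||
        setuid(0) == 0 || seteuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* uid 1000 is the value used in the message; gid 1000 is an assumption. */
    if (drop_privileges(1000, 1000) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The drop has to happen after the listening socket is bound to its privileged port, since the process cannot bind one afterwards.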
