[Pharo-project] about vm dropping privileges
janko.mivsek at eranova.si
Fri Dec 5 04:31:24 EST 2008
Stéphane Ducasse wrote:
> "Dedicated web servers such as Apache drop
> their root privileges after startup."
> So I was wondering why a SMalltalk VM cannot do the same?
Here is how I managed to do that from a workspace after making a class
LibC according to recent guidelines from Gerardo Richarte on squeak-dev:
"be sure FFI is installed"
"sudo ln -s /lib/libc-2.3.5.so /usr/local/lib/squeak/3.10-1/libc.so"
"start Swazoo as root"
libc := LibC new.
libc setruid: 1000 euid: 1000 suid: 1000.
"check that user is no more root"
Object subclass: #LibC
setruid: realUid euid: effectiveUid suid: savedUid
<cdecl: long 'setresuid' (long long long) module: 'libc'>
^ self externalCallFailed
The only problem is the path to libc library, which must be found linked
manually (see sudo ln..). If VM can be modified to use it more directly...
I hope this help a bit.
Smalltalk Web Application Server
More information about the Pharo-dev