From: "planless.user9" <planless.user9@proton.me>
To: 9front@9front.org
Subject: Re: [9front] httpd minimal configuration
Date: Tue, 21 Jun 2022 14:06:53 +0000 [thread overview]
Message-ID: <Kx9BZ52Ckwv-9bstyn5mpZ29iJBJayv-jo2JUUAz7_38DgDUrotwAS-GnnOU91bCtqcHi5w3Ji671Sgvs434pqsunsjjF7Yws6Jh4CMNxuI=@proton.me> (raw)
In-Reply-To: <4a8d0815-0bd5-91e1-0a7a-048088dbd2c2@posixcafe.org>
Thank you very much moody!
There are no serious reasons for my preference and the rc-httpd approach is also definitely an option for me. (Especially with your instructions, which seem to be straightforward to realize.)
I'm just trying to understand the system and that's why I read "Notes on the Plan 9tm 3rd edition Kernel Source" and "The C Programming Language". An implementation in C would therefore play into my hands a bit (even more so, since I have almost no experience with scripts).
Many thanks again!
------- Original Message -------
Jacob Moody <moody@mail.posixcafe.org> schrieb am Dienstag, 21. Juni 2022 um 15:15:
> On 6/21/22 06:58, planless.user9 wrote:
>
> > Thank you very much for your fast and helpful reply.
> >
> > I will look at the source code in that case, hoping to get a simple web server set up.
> >
> > Are there concrete insecurities in the implementation of namespaces?
>
>
> Some thoughts:
> First off you seemed to imply that rc-httpd had to be used with werc, this is not the case.
> If your goal is to just serve some static files rc-httpd on its own is more then capable. I would be
> curious to hear your reasoning for preferring httpd.
>
> Hiro claims that namespaces are not security boundaries. I think I would agree
> maybe 6 months ago, but some work has been done lately to change this.
> I'd argue that with chdev and auth/box we're in a much much nicer spot
> in regards to making namespaces proper security boundaries, if you still disagree
> with this statement I would be curious to hear what you think still needs changed.
>
> Also you mention /lib/namespace.httpd, it is expected that you customize it for your
> system, modify it to place your webroot in the right spot.
>
> However if you are using rc-httpd with aux/listen, there is a namespace file already
> that takes advantage of newer security features: /rc/bin/service/!tcp80.namespace.
> If you would wish to use this, cp /rc/bin/!tcp80 /rc/bin/tcp80 and cp /rc/bin/!tcp80.namespace
> /rc/bin/tcp80.namespace, then customize as desired.
>
> If you need some tips on writing/reading namespace files, check namespace(6), and the associated
> (1) pages for commands mirrored in namespace files.
>
> Thanks,
> moody
next prev parent reply other threads:[~2022-06-21 14:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-21 11:48 planless.user9
2022-06-21 12:23 ` hiro
2022-06-21 12:31 ` hiro
2022-06-21 12:58 ` planless.user9
2022-06-21 13:15 ` Jacob Moody
2022-06-21 14:06 ` planless.user9 [this message]
2022-06-21 18:40 ` sirjofri
2022-06-22 6:25 ` william
2022-06-22 9:09 ` planless.user9
2022-06-22 9:29 ` umbraticus
2022-06-22 10:38 ` hiro
2022-06-21 17:52 ` mkf9
2022-06-21 17:44 ` mkf9
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='Kx9BZ52Ckwv-9bstyn5mpZ29iJBJayv-jo2JUUAz7_38DgDUrotwAS-GnnOU91bCtqcHi5w3Ji671Sgvs434pqsunsjjF7Yws6Jh4CMNxuI=@proton.me' \
--to=planless.user9@proton.me \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).