From: "planless.user9"
To: 9front@9front.org
Date: Tue, 21 Jun 2022 14:06:53 +0000
Subject: Re: [9front] httpd minimal configuration
In-Reply-To: <4a8d0815-0bd5-91e1-0a7a-048088dbd2c2@posixcafe.org>

Thank you very much moody!

There are no serious reasons for my preference and the rc-httpd approach is also definitely an option for me. (Especially with your instructions, which seem to be straightforward to realize.)
I'm just trying to understand the system and that's why I read "Notes on the Plan 9tm 3rd edition Kernel Source" and "The C Programming Language". An implementation in C would therefore play into my hands a bit (even more so, since I have almost no experience with scripts).

Many thanks again!

------- Original Message -------
Jacob Moody wrote on Tuesday, 21 June 2022 at 15:15:

> On 6/21/22 06:58, planless.user9 wrote:
>
> > Thank you very much for your fast and helpful reply.
> >
> > I will look at the source code in that case, hoping to get a simple web server set up.
> >
> > Are there concrete insecurities in the implementation of namespaces?
>
> Some thoughts:
> First off you seemed to imply that rc-httpd had to be used with werc, this is not the case.
> If your goal is to just serve some static files rc-httpd on its own is more than capable. I would be
> curious to hear your reasoning for preferring httpd.
>
> Hiro claims that namespaces are not security boundaries. I think I would agree
> maybe 6 months ago, but some work has been done lately to change this.
> I'd argue that with chdev and auth/box we're in a much much nicer spot
> in regards to making namespaces proper security boundaries, if you still disagree
> with this statement I would be curious to hear what you think still needs changed.
>
> Also you mention /lib/namespace.httpd, it is expected that you customize it for your
> system, modify it to place your webroot in the right spot.
>
> However if you are using rc-httpd with aux/listen, there is a namespace file already
> that takes advantage of newer security features: /rc/bin/service/!tcp80.namespace.
> If you would wish to use this, cp /rc/bin/!tcp80 /rc/bin/tcp80 and cp /rc/bin/!tcp80.namespace
> /rc/bin/tcp80.namespace, then customize as desired.
>
> If you need some tips on writing/reading namespace files, check namespace(6), and the associated
> (1) pages for commands mirrored in namespace files.
>
> Thanks,
> moody