Nikodemus Siivola <nikodemus(a)random-state.net> writes:
> Erik?
If he wants to put his neck on the line then I think we should let
him. :-) If clhp is too much of a strain on the server I'll take it down
and perhaps months down the line when he's come up with a better way
I'll let him try it out again. We're here to help CL developers and I
think we should try our best to do exactly that. Now, you're right that
we shouldn't bend-over backwards for everyone and their needs but this
one seems fairly harmless.
If the server halts because of a full disk or CPU grinding then that's
what happens and I'll be very reluctant to try out clhp again. Anthony
feels pretty secure that this won't happen so I'm willing to chance it.
That said, this is not really a dictatorship so if the two of you want
to outvote me, you can. :-)
> Like Mario pointed out, this is why chrooting is *vital*. It's not
> about trust, but about security and robustness. And I'd add "running
> as nobody" and "cmhod -R o-w" to the list. ;)
Anthony, what they are pointing out are likely to be requirements in a
production scenario, anyway. Is there a way to make sure that clhp
pages do not have access to files outside it's directory structure?
Erik.