Nikodemus Siivola nikodemus@random-state.net writes:
Erik?
If he wants to put his neck on the line then I think we should let him. :-) If clhp is too much of a strain on the server I'll take it down and perhaps months down the line when he's come up with a better way I'll let him try it out again. We're here to help CL developers and I think we should try our best to do exactly that. Now, you're right that we shouldn't bend over backwards for everyone and their needs but this one seems fairly harmless.
If the server halts because of a full disk or CPU grinding then that's what happens and I'll be very reluctant to try out clhp again. Anthony feels pretty secure that this won't happen so I'm willing to chance it.
That said, this is not really a dictatorship so if the two of you want to outvote me, you can. :-)
Like Mario pointed out, this is why chrooting is *vital*. It's not about trust, but about security and robustness. And I'd add "running as nobody" and "chmod -R o-w" to the list. ;)
Anthony, what they are pointing out are likely to be requirements in a production scenario, anyway. Is there a way to make sure that clhp pages do not have access to files outside its directory structure?
Erik.