[Haskell-cafe] chroot a single thread

brian brianchina60221 at gmail.com
Sat Dec 27 23:41:58 EST 2008


On Sat, Dec 27, 2008 at 8:01 PM, Jeremy Shaw <jeremy at n-heptane.com> wrote:
> The problem with that function is that chroot affects the root of the
> whole process.

Yeah. Maybe you want privilege separation. Instead of starting a
thread to do the stuff that requires extra authority, make it a
separate program and communicate with it with some simple protocol.
qmail might be good to look at to get the intuition.

You say you can only pass data and get back return codes, but really,
you can send and receive whatever you want if the other process does
I/O via a UNIX domain socket or something like that.
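
The design suggested in this reply, sketched in C as an added example (not code from the thread or from any poster): a forked helper does the chroot and answers over a UNIX domain socket pair, so the caller's root never changes and the reply carries data rather than just an exit code. The names `helper` and `run_in_jail`, the `OK`/`ERR <errno>` reply format, and the paths in `main` are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE  /* for chroot() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper: separate process, so chroot() here cannot move the caller's root. */
static void helper(int fd, const char *jail) {
    char name[256], reply[512];
    int len, f = -1;
    ssize_t n = read(fd, name, sizeof name - 1);  /* request: a file name */
    if (n <= 0) _exit(1);
    name[n] = '\0';
    /* A production helper would also drop root (setgid/setuid) after chroot. */
    if (chroot(jail) != 0 || chdir("/") != 0 || (f = open(name, O_RDONLY)) < 0) {
        len = snprintf(reply, sizeof reply, "ERR %d", errno);
    } else {
        len = snprintf(reply, sizeof reply, "OK ");
        ssize_t got = read(f, reply + len, sizeof reply - len - 1);
        if (got > 0) len += (int)got;
    }
    _exit(write(fd, reply, (size_t)len) < 0);
}

/* Caller: sends the request, returns reply length (reply NUL-terminated) or -1. */
int run_in_jail(const char *jail, const char *name, char *out, size_t outlen) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); helper(sv[1], jail); }
    close(sv[1]);
    ssize_t n = write(sv[0], name, strlen(name)) > 0
              ? read(sv[0], out, outlen - 1) : -1;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    if (n < 0) return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void) {
    char out[512] = "";
    int n = run_in_jail("/var/empty", "motd", out, sizeof out); /* constructed */
    printf("helper replied (%d bytes): %s\n", n, out);
    return n < 0;
}
```

Without the privilege to chroot, the helper answers `ERR` with the errno value, and the caller keeps running with its original root either way.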

