Mail archive

[Acf] [RFC] privilete separation in ACF

From: Natanael Copa <>
Date: Fri, 09 Nov 2007 17:28:57 +0100


I have been talking in private with some of the devs about privilege
separation in ACF. I will prestent some info here about it, for the

The idea is that only a fraction of the code will need root privileges
and web programming is risky. So it is desireable that only the code
that needs root privileges has it and the rest runs without root

So i suggest this, we fork the process, drop the privileges and
implement some kind of local RPC between the processes, but instead of
communicating via a network socket, we can cummunicate via 2 local

This diagram shows how it works:

Attatched is a small demo to show how it could be implemented, using
JSON. I chose JSON because its a standard, and there is a library
available thats easy enough for me to understand :)

I have attatched json.lua to be able to run the demo but you will also
need lposix (available in alpine as luaposix)

While this adds a few bits of complexity but thanks to the current MVC
model, much of the complexity can be hidden away.

Its just an idea...


Received on Fri Nov 09 2007 - 17:28:57 UTC