Re: chroot for go webserver with pledge and unveil

2022-03-17 Thread William Ahern
On Thu, Mar 17, 2022 at 06:34:28PM -, Stuart Henderson wrote: > On 2022-03-16, Marc Espie wrote: > > On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote: > >> Since Go has support for pledge and unveil, I was thinking about > >> "imitating" the setup for httpd. > >> > >> I basic

Re: chroot for go webserver with pledge and unveil

2022-03-17 Thread William Ahern
On Thu, Mar 17, 2022 at 09:41:13PM +0100, i...@tutanota.com wrote: > >> I assume go has bindings for setuid() and friends. > > > Go software doesn't usually like to do this because of some issue > > with doing so on Linux that I don't _think_ apply to OpenBSD. And > > they have the "allow binding

Re: chroot for go webserver with pledge and unveil

2022-03-17 Thread Stuart Henderson
On 2022-03-16, Marc Espie wrote: > On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote: >> Since Go has support for pledge and unveil, I was thinking about >> "imitating" the setup for httpd. >> >> I basically need to run a Go webserver with access to MariaDB, >> but would like to c

Re: chroot for go webserver with pledge and unveil

2022-03-17 Thread Michael Hekeler
On 16.03.22 03:09, i...@tutanota.com wrote: > >> I was thinking that since Go by default doesn't run a webserver on > >> port 80 or 443 > > > What does it even mean. Go is a programming language. If you want to > > build and run a webserver with it and have it listen on whatever port > > you want

Re: chroot for go webserver with pledge and unveil

2022-03-16 Thread Marc Espie
On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote: > Since Go has support for pledge and unveil, I was thinking about > "imitating" the setup for httpd. > > I basically need to run a Go webserver with access to MariaDB, > but would like to chroot the Go webserver. > > I was thinki

Re: chroot for go webserver with pledge and unveil

2022-03-15 Thread Nick Holland
On 3/15/22 6:32 PM, i...@tutanota.com wrote: ... $ doas chroot -u www -g www /var/www /bin/go-server But that wouldn't keep it running after a reboot. The "easy" and historic way: man 8 rc more specifically, rc.local The "better" way: man 8 rc.d (and read the "see also"s.) Probably g

Re: chroot for go webserver with pledge and unveil

2022-03-15 Thread Raul Miller
On Tue, Mar 15, 2022 at 10:25 PM wrote: > Is there something to restart it if it crashes? If that's a concern you could use a shell script that launches and relaunches the thing. But ask yourself: why would you want it to restart automatically after a crash, if you are concerned about security?

Re: chroot for go webserver with pledge and unveil

2022-03-15 Thread bigato
On Tue, 2022-03-15 at 23:32 +0100, i...@tutanota.com wrote: > I was thinking that since Go by default doesn't run a webserver on > port 80 or 443 What does it even mean. Go is a programming language. If you want to build and run a webserver with it and have it listen on whatever port you want