security
Hackiki uses several layers of security:
- The entire Hackiki system runs in a chroot (keeping it somewhat separated from the rest of codu.org)
- The filesystem is in Mercurial (repository, administration) for easy reversion of vandalism
- Programs run in Plash
- /tmp is mapped to a directory that exists for only the duration of the program run
- /hackiki is mapped to an hg clone of the FS
- A firewall prevents any process with a plash-generated UID from making outgoing network connections
- ulimits are applied
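Two of the layers above, the per-run temporary directory and the ulimits, can be approximated without root. The sketch below is an added example, not Hackiki's or Plash's code: `run_limited`, the `LIMIT_*` variables and the limit values are assumptions, it sets `TMPDIR` rather than remapping /tmp, and the chroot, UID separation and firewall layers are not shown.

```shell
#!/bin/sh
# Added illustration, not Hackiki's or Plash's code. It approximates two
# layers without root: a scratch directory that lives only for one run
# (via TMPDIR rather than remapping /tmp) and ulimits on the child.
# Limit values are constructed defaults; LIMIT_* names are assumptions.

# run_limited CMD [ARGS...]
run_limited() {
    scratch=$(mktemp -d) || return 125
    (
        # Subshell: the limits bind only the child, not the caller.
        ulimit -t "${LIMIT_CPU:-2}"       # CPU seconds
        ulimit -f "${LIMIT_FSIZE:-1024}"  # file size in blocks (512 B or 1 KiB, shell-dependent)
        ulimit -n "${LIMIT_NOFILE:-64}"   # open file descriptors
        cd "$scratch" || exit 125
        TMPDIR=$scratch
        export TMPDIR
        exec "$@"
    )
    rc=$?
    # Remove the scratch directory whatever the command did.
    rm -rf "$scratch"
    LAST_SCRATCH=$scratch   # exposed so callers can confirm it is gone
    return "$rc"
}

# Demo: the directory exists during the run and is gone afterwards.
run_limited sh -c 'echo "scratch dir during run: $TMPDIR"'
echo "exists afterwards? $( [ -e "$LAST_SCRATCH" ] && echo yes || echo no )"
```

A child that exceeds the file-size limit is killed by the kernel and `run_limited` returns its non-zero status; the scratch directory is removed in either case.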
Hackiki has rudimentary support for user permissions, but don't be fooled: unless carefully tuned, these permissions will not prevent anyone from running arbitrary code; they will only prevent users from editing particular files.
To anyone considering using Hackiki in their project, it's worthwhile for me to repeat this bit of the license:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.