FAQ
Thanks for the suggestion Ben.

Jailtool does install from a repo, though it doesn't do automatic
dependency resolution. You have to specify them yourself which is a pain
and pretty error prone. I think the issue was that while I'd specified all
the nodejs deb package dependencies I'd forgotten the
python-software-properties one which includes a lot of crypto libs.

In the end I solved it late yesterday using debootstrap and schroot<https://help.ubuntu.com/community/DebootstrapChroot>which gave me access to the package manager. From there I simply installed
node as per the Ubuntu instructions on the node JS wiki<https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager>.
It's not quite as minimal an environment as I'd originally hoped, but it's
easier to maintain and still reasonably secure.

Along the way I also created a small program to help with the actual
jailing of processes. We're using this in conjunction with
child_process.spawn to safely execute untrusted code from our parent node
HTTP server. I've open sourced it here: https://github.com/Hubify/jailor.
Enjoy!

Dave
On Tuesday, September 11, 2012 5:34:34 PM UTC-7, Ben Noordhuis wrote:

On Tue, Sep 11, 2012 at 9:47 PM, kuhnza <david....@gmail.com <javascript:>>
wrote:
I'm getting the following error when calling https.request in my node
script:
nodejs: ../src/node_crypto.cc:752: void
node::crypto::Connection::ClearError(): Assertion
`handle_->Get(String::New("error"))->BooleanValue() == false' failed.

The node process is running inside a chroot on Ubuntu. I built the chroot
using jailtool and as far as I can tell node should have all the necessary
dependencies available to it. The way I checked was to run apt-rdepends
nodejs and made sure that all the libs were inside the jail. The jail also
has access to /dev/null and /dev/random.

Besides https everything else seems to be running fine. I can make http
calls no problem and the rest of my code runs without error.

Running the same script outside the jail works.

What am I missing?
Is your node binary installed from a repo? What happens if you compile
from (upstream) source?
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

Search Discussions

Discussion Posts

Previous

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 6 of 6 | next ›
Discussion Overview
groupnodejs @
categoriesnodejs
postedSep 11, '12 at 7:51p
activeSep 12, '12 at 7:02p
posts6
users3
websitenodejs.org
irc#node.js

People

Translate

site design / logo © 2022 Grokbase