Aside from comments on its language, are there any interesting features or issues anybody wants to raise here? (I wrote kcgi.)
I was mainly wanting to share a link to a nice project that could be of interest here.
However, I was also wondering about a few things.
1) Whether it would be possible to tighten the sandbox a bit more in the case where a worker process only needs access to a database file and optionally a template. The parent process could open fds for the worker. Then potentially the worker does not need access to open and related functionality.
But I don’t know what SQLite needs to function properly. Probably it needs open to create a new version of a database or temp files. Maybe the parent could also open a second fd that would be empty? Just a thought.
2) On Linux, can an HTTP server that does the CGI dance do clone(CLONE_VM)/exec instead of fork/exec? Would it give a meaningful performance boost? I understand that for most cases it would not matter.
SQLite is difficult to pledge: it creates files during runtime. See https://kristaps.bsd.lv/absdcon2016/ and https://kristaps.bsd.lv/absdcon2017 for some examples. I’ve long been kicking around a library (possibly extending ksql) that puts all sqlite access in a child process, but haven’t done it yet.
After reading through the 2017 presentation I had an idea. I’m not experienced with SQL, but is there something like an SQL-pledge? It may make no sense.
The parent process makes a connection to a SQL server and fork/execs; maybe it could also prepare a few statements. The child process will first check what the request is about. Then it could make an SQL-pledge that it will now only access a certain table and will use only the specified statements. Is there something like it? I understand that to some extent it can be emulated by users, but I think it would be better if it worked per connection.
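One way to approximate the per-connection "SQL-pledge" described above, as an added example that is not code from this thread or from kcgi/ksql: SQLite's authorizer hook (used here through Python's standard sqlite3 module) is consulted every time a statement is compiled, so a request worker can confine its own connection to one table and to read-only operations. The table names, rows and the "orders" worker policy are constructed for the example.

```python
import sqlite3


def make_authorizer(read_tables, write_tables):
    """Build a per-connection policy: which tables may be read or written.

    SQLite calls this for every operation while compiling a statement;
    returning SQLITE_DENY makes the prepare fail with SQLITE_AUTH."""
    def authorize(action, arg1, arg2, dbname, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION,
                      sqlite3.SQLITE_TRANSACTION):
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:          # arg1 = table, arg2 = column
            return sqlite3.SQLITE_OK if arg1 in read_tables else sqlite3.SQLITE_DENY
        if action in (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE,
                      sqlite3.SQLITE_DELETE):       # arg1 = table
            return sqlite3.SQLITE_OK if arg1 in write_tables else sqlite3.SQLITE_DENY
        # Schema changes, PRAGMA, ATTACH, etc. are never needed by a request worker.
        return sqlite3.SQLITE_DENY
    return authorize


def setup_demo_db():
    """Constructed sample database; built before any policy is applied."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, pwhash TEXT);
        CREATE TABLE orders(id INTEGER PRIMARY KEY, user_id INTEGER, total REAL);
        INSERT INTO users VALUES (1, 'a@example.org', 'hash1');
        INSERT INTO orders VALUES (10, 1, 9.99), (11, 1, 20.00);
    """)
    return conn


def apply_policy(conn, read_tables, write_tables):
    # Must run before the worker prepares any request-handling statement:
    # the hook is checked at prepare time, and cached statements are not re-checked.
    conn.set_authorizer(make_authorizer(read_tables, write_tables))


def run_request(conn, sql, params=()):
    """Return the rows, or 'denied' when the policy rejects the statement."""
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError:   # SQLITE_AUTH surfaces as DatabaseError
        return "denied"


if __name__ == "__main__":
    db = setup_demo_db()
    apply_policy(db, read_tables={"orders"}, write_tables=set())
    print(run_request(db, "SELECT total FROM orders WHERE user_id = ?", (1,)))
    print(run_request(db, "SELECT email FROM users"))   # denied by policy
```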