[plt-scheme] anyone written a web-server app that drops privileges on Unix?

From: Jay McCarthy (jay.mccarthy at gmail.com)
Date: Tue Feb 16 18:07:01 EST 2010

It is also very easy to use the ffi to call setuid. Call it after calling serve.

Jay

On Tue, Feb 16, 2010 at 3:36 PM, YC <yinso.chen at gmail.com> wrote:
> A couple of possible ways that I know of -
>
> Use an apache mod_proxy as the frontend to web-server
> Use iptables to redirect port 80 to another port (say 8080) -
> http://www.groovygrails.de/blog/groovygrails/entry/non_root_tomcat_on_port
>
> HTH.  Cheers,
> yc
>
> On Tue, Feb 16, 2010 at 2:13 PM, Danny Yoo <dyoo at cs.wpi.edu> wrote:
>>
>> Hi everyone,
>>
>> I'm writing a small web servlet using the PLT Scheme web server
>> libraries.  The servlet needs to run on port 80, but on Unix systems,
>> I need to be root to bind to port 80.  I feel a little nervous when I
>> have a long-running, network-accessible service, especially if it runs
>> as the superuser.  Does anyone have any suggestions on how to drop
>> privileges here?
>> _________________________________________________
>>  For list-related administrative tasks:
>>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>
>
> _________________________________________________
>  For list-related administrative tasks:
>  http://list.cs.brown.edu/mailman/listinfo/plt-scheme
>
>



-- 
Jay McCarthy <jay at cs.byu.edu>
Assistant Professor / Brigham Young University
http://teammccarthy.org/jay

"The glory of God is Intelligence" - D&C 93


Posted on the users mailing list.