|
|
| Author |
Message |
|
| jwatte |
 Posted: Wed Jun 02, 2010 4:20 am |
 |
|
|
User
Joined: 10 Feb 2010
Posts: 34
|
Under UNIX, you cannot bind to a port < 1024 without root privileges. Common security precautions in web servers is to start as root, bind to ports 80 and 443, and then drop privileges by calling setuid().
I understand that this behavior is totally platform specific, but it's also pretty much required for any real server. Nobody wants to run their live systems with root privileges. However, I can't find any "platform specific" or "POSIX interoperability" module for Erlang that would let me do this.
How is this done in practice? |
|
|
| Back to top |
 
|
| zajda |
| Posted: Thu Jun 03, 2010 10:17 am |
|
|
|
User
Joined: 22 Aug 2009
Posts: 83
|
take a look at fd_server application (from junglerl), it is used to open privileged ports as non-root
http://github.com/gebi/jungerl/tree/master/lib/fd_server/
Another way to cope with this problem is.. not running servers on privileged ports. Usually, what I do is starting servers at high ports (say 8080) and then use iptables
Code: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
MichaĆ Zajda
------------------
Erlang Solutions Ltd |
|
|
| Back to top |
|
| jwatte |
| Posted: Mon Jun 07, 2010 8:35 pm |
|
|
|
User
Joined: 10 Feb 2010
Posts: 34
|
Thanks for your suggestions!
I ended up first writing a nif that called setuid().
Then I was poked into checking out modern Linux file attributes -- it turns out you can give a file the capability to bind to service ports, without running as root, using the setcap command. |
|
|
| Back to top |
|
| wuji |
| Posted: Wed Aug 22, 2012 7:59 am |
|
|
|
User
Joined: 10 Aug 2012
Posts: 654
|
a link to go to Netflix, you would wind up up jordan 6 up at "BudgetMatch," according to the FBI. The practice is
"click hijacking."Once the FBI got around to fixing the problem problem [h4]cheap jordans[/h4] problem in 2011, it realized it couldn't simply shut down
rogue servers because infected computers would be left without a a cheap replica *beep* a functioning DNS, leaving them virtually Internet-less. So it set
temporary servers to give malware-infected Internet users time to fix fix jordan 6 fix their computers.And time runs out on Monday, July 9.(There
a planned attack this Monday that will shut down the the imitation designer *beep* the Internet; those whose computers are already infected will lose |
|
|
| Back to top |
|
|
|
All times are GMT
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
|
Digg It
Del.icio.us
Reddit
Facebook
Stumble Upon
Technorati
