From: Knut Olav Bøhmer
Subject: Listen to the sound of "port < 1024"
Date: 
Message-ID: <ujpznrylzyz.fsf@perl.linpro.no>
What is the best way to make lisp listen to a port below 1024 on a
Linux computer? Setting up a redirect rule with iptables is an easy
way, but are there any other good solutions? I don't think I want to
run lisp as root. Is it more or less dangerous to run lisp as root
than other languages?

-- 
Knut Olav Bøhmer
         _   _
       / /  (_)__  __ ____  __
      / /__/ / _ \/ // /\ \/ /  ... The choice of a
     /____/_/_//_/\.,_/ /_/\.\         GNU generation

An ideal world is left as an exercise to the reader. (Paul Graham)

From: Espen Vestre
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <kwvg2mospx.fsf@merced.netfonds.no>
"Knut Olav Bøhmer" <·····@linpro.no> writes:

> What is the best way to make lisp listen to a port below 1024 on a
> Linux computer? Setting up a redirect rule with iptables is an easy
> way, but are there any other good solutions? I don't think I want to
> run lisp as root. Is it more or less dangerous to run lisp as root
> than other languages?

No, don't run it as root. You can make your program be started by root
and then change its identity before it has done anything else than
binding the socket (Allegroserve does this, afair). Or you can use a
custom kernel that allows non-root users to bind your favourite
port. Or you can use a small wrapper program that does the socket
binding for you (cl-http does this, I think).
-- 
  (espen)
From: Lars Magne Ingebrigtsen
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <m3bs4ehqzs.fsf@quimbies.gnus.org>
Espen Vestre <·····@*do-not-spam-me*.vestre.net> writes:

> Or you can use a custom kernel that allows non-root users to bind
> your favourite port.

Newer versions of Linux support capabilities, so one solution would
be to give the Lisp program CAP_NET_BIND_SERVICE, which will allow it
to bind a low-numbered port.

However, when I tried playing with this, I got nowhere.  That might
be the result of having a too old glibc, or something like that...

-- 
(domestic pets only, the antidote for overdose, milk.)
   ·····@gnus.org * Lars Magne Ingebrigtsen
From: Kaz Kylheku
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <cf333042.0211251503.12bf45ad@posting.google.com>
"Knut Olav Bøhmer" <·····@linpro.no> wrote in message news:<···············@perl.linpro.no>...
> What is the best way to make lisp listen to a port below 1024 on a
> Linux computer? Setting up a redirect rule with iptables is an easy
> way, but are there any other good solutions? I don't think I want to
> run lisp as root. Is it more or less dangerous to run lisp as root
> than other languages?

Given that your kernel is written in C, and most of your privileged
services are also, and that you accept all that software, I'd say that
your concerns are misplaced.

Lisp is far more suitable for high security applications than C,
because the programmer is isolated from memory management details and
fragile, low-level data structures like weak arrays based on pointer
displacement.

There are other security concerns specific to Lisp which are
manageable. You have to be careful that untrusted input is not parsed
to a data structure which is then evaluated as code.

If you want to listen on a low port number, one way to do that is to
start as root and then drop your privileges once you have the socket
ready, no?

You could have a little lightweight agent that just listens on the
privileged port and passes the data to a Lisp server using some IPC
mechanism, like another socket. The agent can be forked or threaded
for each connection, but the processing can all be done in one Lisp
image.
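The "start as root, bind, then drop privileges" approach that both Espen and Kaz describe, written out as an added C example (not code from the thread, nor from AllegroServe or cl-http); the function names, port 80 and the target uid/gid 65534 (assumed to be "nobody") are assumptions. It gives up root in the one order that cannot be reversed and refuses to continue if root could still be regained, which is the failure mode a sloppy setuid() call leaves behind.

```c
/* Added example, not from the thread: bind a privileged port while still
 * root, then irrevocably drop to an unprivileged uid/gid before doing
 * anything else. Names and the target uid/gid 65534 are assumptions. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listening TCP socket on 0.0.0.0:port; port 0 asks for any free port. */
int bind_listener(unsigned short port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Drop to uid/gid in the order that cannot be undone: supplementary groups,
 * then gid, then uid (gid must go first, it still needs root). Returns 0
 * only if root cannot be regained afterwards; refuses uid 0 as a target. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0) return -1;                      /* "dropping" to root is a bug */
    if (getuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    if (setuid(0) == 0) return -1;                /* saved uid was still 0 */
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

int main(void) {
    /* Needs root, or a binary granted CAP_NET_BIND_SERVICE as Lars suggests. */
    int fd = bind_listener(80);
    if (fd < 0) { perror("bind_listener"); return 1; }
    if (drop_privileges(65534, 65534) < 0) { perror("drop_privileges"); return 1; }
    /* Now unprivileged but still holding the listening fd; a wrapper could
     * execve() the Lisp image here, which inherits the open socket. */
    printf("listening on port 80 as uid %u\n", (unsigned)getuid());
    close(fd);
    return 0;
}
```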
From: Scott Schwartz
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <8g3cpoax7e.fsf@galapagos.cse.psu.edu>
···@ashi.footprints.net (Kaz Kylheku) writes:
> There are other security concerns specific to Lisp which are
> manageable. You have to be careful that untrusted input is not parsed
> to a data structure which is then evaluated as code.

Someone should make a FAQ.  (read) sometimes evals its input, right?
What else can do that?
From: Kent M Pitman
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <sfw1y58qcu1.fsf@shell01.TheWorld.com>
Scott Schwartz <··········@usenet ·@bio.cse.psu.edu> writes:

> ···@ashi.footprints.net (Kaz Kylheku) writes:
> > There are other security concerns specific to Lisp which are
> > manageable. You have to be careful that untrusted input is not parsed
> > to a data structure which is then evaluated as code.
> 
> Someone should make a FAQ.  (read) sometimes evals its input, right?
> What else can do that?

I _think_ that READ and READ-PRESERVING-WHITESPACE are the only stream
functions that do this.

The following other functions offer opportunities for code parasites to
creep in.  I'm not sure if this is an exhaustive set.

 COMPILE
 COMPILE-FILE
 EVAL
 LOAD
 COERCE [with second argument of FUNCTION]
 READ-FROM-STRING

Implementations may also have extensions that are "of concern".
From: Tim Bradshaw
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <ey365uk58sc.fsf@cley.com>
* Scott Schwartz wrote:

> Someone should make a FAQ.  (read) sometimes evals its input, right?

If *READ-EVAL* is true, it can.  If it's false, and you are careful
(in particular: check what you read is valid!), I think it's possible
to do READ mostly-probably-safely.  The mostly is because there isn't
a good way of stopping it interning symbols in bad places, or of
finding out what those symbols were (finding out *can* be done,
assuming that nothing else is interning, by snapshotting the package
state before the call to READ, and then checking afterwards, but
that's somewhat hideous).  The probably is because I'm not sure it's
safe and also I doubt whether implementations have obsessed about
safety the way you likely need to do in order to be really sure.

> What else can do that?

Nothing I know of (well, things like READ-FROM-STRING and so forth,
obviously).

--tim
From: Scott Schwartz
Subject: Re: Listen to the sound of "port < 1024"
Date: 
Message-ID: <8gwun09iez.fsf@galapagos.cse.psu.edu>
"Knut Olav Bøhmer" <·····@linpro.no> writes:
> What is the best way to make lisp listen to a port below 1024 on a
> Linux computer?

Look at inetd.conf.  Inetd will listen on the port you specify, and
run the application as the userid you specify.