[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-janitors] #448: Spiffy: allow code to be executed after droppin
From: |
Chicken Trac |
Subject: |
[Chicken-janitors] #448: Spiffy: allow code to be executed after dropping privileges and before accepting connections |
Date: |
Fri, 10 Dec 2010 13:41:47 -0000 |
#448: Spiffy: allow code to be executed after dropping privileges and before
accepting connections
-------------------------+--------------------------------------------------
Reporter: mario | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: 4.7.0
Component: extensions | Version: 4.6.x
Keywords: spiffy |
-------------------------+--------------------------------------------------
Currently there is no straight forward way to make Spiffy execute code
after it drops privileges and before accepting connections.
One use case for this would be applications which use spiffy as HTTP
server (like awful). The awful workflow is:
{{{
(read/parse-command-line-options)
(load-given-applications)
(start-server)
}}}
To be able to use privileged ports (e.g., 80), the awful process has to be
executed as root, so it can call Spiffy's {{{start-server}}} with enough
privileges to listen on privileged ports. The privileges dropping part is
also done in {{{start-server}}}. There's no entry point for code to be
executed between dropping privileges and accepting connections.
So, in the awful workflow, {{{(load-given-applications)}}} loads
applications as root, which is a bad thing.
The solution would be modifying spiffy in a way it calls a procedure after
it drops privileges and before it accepts connections. An implementation
option would be a parameter and/or a keyword argument for {{{start-
server}}}.
Another option would be splitting the implementation of {{{start-
server}}}, so that we can separate the privileges dropping part from the
connections accepting part. We'd have at least two procedures which could
be called by users, possibly with custom code between them. For backward
compatibility, {{{start-server}}} could be kept by calling the new
procedures in sequence.
--
Ticket URL: <http://bugs.call-cc.org/ticket/448>
Chicken Scheme <http://www.call-with-current-continuation.org/>
Chicken Scheme is a compiler for the Scheme programming language.
- [Chicken-janitors] #448: Spiffy: allow code to be executed after dropping privileges and before accepting connections,
Chicken Trac <=