RE: [Zope] - A little problem...
[ Discussion about using suid to allow Zope to run on port 80 ]
But I don't know how I can hand over a socket like that... Especially not how Zope would handle it... Any ideas?
My first response: Does Zope need to run on port 80 at your site? If you can run it on a port >1024, you will have a much smaller security hole. Regards, Jeff Bauer Rubicon, Inc.
Jeff Bauer wrote:
[ Discussion about using suid to allow Zope to run on port 80 ]
But I don't know how I can hand over a socket like that... Especially not how Zope would handle it... Any ideas?
My first response: Does Zope need to run on port 80 at your site? If you can run it on a port >1024, you will have a much smaller security hole.
Or better yet, if the operating system allows you to adjust the port range that needs root, adjust that down to zero. If the machine is a single purpose webserver with no users, there's almost no value to the <1024 privileged port rubbish. (all of the free unixen and Solaris 2.x^H^H^H7 can do this - probably other modern unixen can do it too.) Anthony -- Anthony Baxter, NextTelecom. email:anthony@interlink.com.au, voice: +61 416 271 170
participants (2)
-
Anthony Baxter -
Jeff Bauer