[Zope-dev] Re: Timing the opening of network ports

Andrew Langmead alangmead at boston.com
Thu Aug 31 11:03:05 EDT 2006


On Aug 31, 2006, at 9:41 AM, Tres Seaver wrote:
> The other reason for wanting "early binding" to the ports is if the
> ports are in the "reserved for root" range (< 1024); in that case, the
> ports *must* be bound early, before dropping privileges to those of the
> "effective user".
>

Not necessarily.

The basic sequence for opening a server socket connection is:

listener = socket(AF_INET,SOCK_STREAM,0)
bind(listener, address_info)
listen(listener, LISTEN_QUEUE_LENGTH)

For unix and unix-like systems that reserve some range of ports for  
privileged users, it is the bind() call that has the user check. It  
is at the listen() call where the port is seen as open and available  
for connections.

It might be that Zope's HTTPServer class bunches all of them in a  
single method for convenience, but it is possible to bind() early,  
drop privs, and listen() late.
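
The bind-early, drop-privileges, listen-late sequence described above, as an added Python example (not part of the original message and not Zope's own code). The helper names, the loopback address and uid/gid 65534 are assumptions; the privilege drop is skipped when the process is not root.

```python
import os
import socket

def bind_early(host, port):
    """Create the socket and bind() it; the privileged-port check happens here."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    return s

def drop_privileges(uid, gid):
    """Permanently give up root. Returns False (and does nothing) if not root."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])   # supplementary groups first, while still root
    os.setgid(gid)     # group before user: setgid() needs root
    os.setuid(uid)
    try:
        os.setuid(0)   # must fail now, otherwise the drop was not permanent
    except OSError:
        return True
    raise RuntimeError("privileges were not dropped")

def listen_late(sock, backlog=5):
    """Only after listen() is the port open and available for connections."""
    sock.listen(backlog)

def accepts_connections(addr):
    """True if a TCP connect to addr succeeds, False if refused or timed out."""
    try:
        with socket.create_connection(addr, timeout=2):
            return True
    except OSError:
        return False

def demo(port=0, uid=65534, gid=65534):
    # port=0 lets the kernel pick a free port; use e.g. 80 when run as root.
    listener = bind_early("127.0.0.1", port)
    addr = listener.getsockname()
    dropped = drop_privileges(uid, gid)    # assumed unprivileged uid/gid
    before = accepts_connections(addr)     # bound but not listening
    listen_late(listener)
    after = accepts_connections(addr)      # now listening
    listener.close()
    return dropped, before, after

if __name__ == "__main__":
    print(demo())
```

Between bind() and listen() the port is reserved for the process but connection attempts are refused, so the service is not reachable while it still holds root.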

