[Chicken-janitors] #448: Spiffy: allow code to be executed after droppin

chicken-janitors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-janitors] #448: Spiffy: allow code to be executed after droppin

From:	Chicken Trac
Subject:	[Chicken-janitors] #448: Spiffy: allow code to be executed after dropping privileges and before accepting connections
Date:	Fri, 10 Dec 2010 13:41:47 -0000

#448: Spiffy: allow code to be executed after dropping privileges and before
accepting connections
-------------------------+--------------------------------------------------
 Reporter:  mario        |       Owner:       
     Type:  enhancement  |      Status:  new  
 Priority:  major        |   Milestone:  4.7.0
Component:  extensions   |     Version:  4.6.x
 Keywords:  spiffy       |  
-------------------------+--------------------------------------------------
 Currently there is no straight forward way to make Spiffy execute code
 after it drops privileges and before accepting connections.

 One use case for this would be applications which use spiffy as HTTP
 server (like awful).  The awful workflow is:

 {{{
 (read/parse-command-line-options)
 (load-given-applications)
 (start-server)
 }}}

 To be able to use privileged ports (e.g., 80), the awful process has to be
 executed as root, so it can call Spiffy's {{{start-server}}} with enough
 privileges to listen on privileged ports. The privileges dropping part is
 also done in {{{start-server}}}.  There's no entry point for code to be
 executed between dropping privileges and accepting connections.

 So, in the awful workflow, {{{(load-given-applications)}}} loads
 applications as root, which is a bad thing.

 The solution would be modifying spiffy in a way it calls a procedure after
 it drops privileges and before it accepts connections.  An implementation
 option would be a parameter and/or a keyword argument for {{{start-
 server}}}.

 Another option would be splitting the implementation of {{{start-
 server}}}, so that we can separate the privileges dropping part from the
 connections accepting part.  We'd have at least two procedures which could
 be called by users, possibly with custom code between them.  For backward
 compatibility, {{{start-server}}} could be kept by calling the new
 procedures in sequence.

-- 
Ticket URL: <http://bugs.call-cc.org/ticket/448>
Chicken Scheme <http://www.call-with-current-continuation.org/>
Chicken Scheme is a compiler for the Scheme programming language.

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-janitors] #448: Spiffy: allow code to be executed after dropping privileges and before accepting connections, Chicken Trac <=
- [Chicken-janitors] Re: #448: Spiffy: allow code to be executed after dropping privileges and before accepting connections, Chicken Trac, 2010/12/27

Prev by Date: [Chicken-janitors] Re: #439: Quasiquote simplification and improved syntax checks
Next by Date: [Chicken-janitors] Re: #445: define-record doesn't respect scope rules
Previous by thread: [Chicken-janitors] Re: #436: find more efficient way to bulk-init locally allocated data
Next by thread: [Chicken-janitors] Re: #448: Spiffy: allow code to be executed after dropping privileges and before accepting connections
Index(es):
- Date
- Thread