From: Wes J. <com...@gm...> - 2010-03-28 02:34:57
|
in chapter 11 of the pdf on yaws it says: YAWS is of course susceptible to intrusions. YAWS has the ability to run under a different user than root - Assuming we need to listen to privileged port numbers. I don't quite understand this phrase. I can run yaws as user foo, but I don't see how with port < 1024. How is this done? thx, -wes |
From: Rapsey <ra...@gm...> - 2010-03-28 07:43:59
|
It completely depends on your OS. Sergej On Sun, Mar 28, 2010 at 4:34 AM, Wes James <com...@gm...> wrote: > in chapter 11 of the pdf on yaws it says: > > YAWS is of course susceptible to intrusions. YAWS has the ability to > run under a different user than root - Assuming we need to listen to > privileged port numbers. > > I don't quite understand this phrase. I can run yaws as user foo, but > I don't see how with port < 1024. How is this done? > > thx, > > -wes > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Erlyaws-list mailing list > Erl...@li... > https://lists.sourceforge.net/lists/listinfo/erlyaws-list > |
From: Wes J. <com...@gm...> - 2010-03-29 14:07:04
|
On Sun, Mar 28, 2010 at 1:43 AM, Rapsey <ra...@gm...> wrote: > It completely depends on your OS. OS X snow leopard > > Sergej > > On Sun, Mar 28, 2010 at 4:34 AM, Wes James <com...@gm...> wrote: >> >> in chapter 11 of the pdf on yaws it says: >> >> YAWS is of course susceptible to intrusions. YAWS has the ability to >> run under a different user than root - Assuming we need to listen to >> privileged port numbers. >> >> I don't quite understand this phrase. I can run yaws as user foo, but >> I don't see how with port < 1024. How is this done? I've been looking at ipfw fwd, but it seems to be broken in OS X SL . -wes |
From: Davide M. <ne...@gm...> - 2010-03-28 11:14:01
|
Hi Wes, On Sun, Mar 28, 2010 at 3:34 AM, Wes James <com...@gm...> wrote: > I don't see how with port < 1024. How is this done? > Check this out: http://yaws.hyber.org/privbind.yaws Cheers, Davide :) |
From: Wes J. <com...@gm...> - 2010-03-31 20:19:41
|
On Sat, Mar 27, 2010 at 8:34 PM, Wes James <com...@gm...> wrote: > in chapter 11 of the pdf on yaws it says: > > YAWS is of course susceptible to intrusions. YAWS has the ability to > run under a different user than root - Assuming we need to listen to > privileged port numbers. > > I don't quite understand this phrase. I can run yaws as user foo, but > I don't see how with port < 1024. How is this done? On os x this is how this can be done: edit /etc/sysctl and add: net.inet.ip.forwarding=1 or temporarily do this on the cli: sysctl -w net.inet.ip.forwarding=1 then with ipfw as the firewall (turn off the gui firewall in system preferences and manage own rules) use the ipfw rules like these - for testing on your own box use something like: ipfw add fwd 127.0.0.1,8080 tcp from any to 127.0.0.1 dst-port 80 in ipfw add fwd 127.0.0.1,8443 tcp from any to 127.0.0.1 dst-port 443 in set up yaws to use 8080 and 8443 in yaws.conf and then run as some non root user. When you browse to http://127.0.0.1 or https://127.0.0.1 you will see your pages that are actually on 8080 and 8443 internally but will be forwarded via ipfw forwarding. -wes |
From: Claes W. <kl...@ta...> - 2010-04-12 10:35:21
|
Wes James wrote: > > On os x this is how this can be done: Thanks, added to the docs. /klacke |