-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Langmead wrote:
> 
> On Aug 31, 2006, at 9:41 AM, Tres Seaver wrote:
>> The other reason for wanting "early binding" to the ports is if the
>> ports are in the "reserved for root" range (< 1024);  in that case, the
>> ports *must* be bound early, before dropping privileges to those of the
>> "effective user".
>>
> 
> Not necessarily.
> 
> The basic sequence for opening a server socket connection is:
> 
> listener = socket(AF_INET,SOCK_STREAM,0)
> bind(listener, address_info)
> listen(listener, LISTEN_QUEUE_LENGTH)
> 
> For unix and unix-like systems that reserve some range of ports for
> privileged users, it is the bind() call that has the user check. It is
> at the listen() call where the port is seen as open and available for
> connections.
> 
> It might be that Zope's HTTPServer class bunches all of them in a single
> method for convenience, but it is possible to bind() early, drop privs,
> and listen() late.

Thanks, I'd forgotten that distinction.  ZServer does indeed hardwire
the two of them together, and it looks like it would be hard to split it
apart.

Andreas' hack elegant as it is, seems adequate for the purpose.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE925G+gerLs4ltQ4RAmezAJ49ikaCgveaSPcLhug3NHVS0MemUgCfdzlm
aswciRwTad8heeTWnaThItk=
=KTDx
-----END PGP SIGNATURE-----

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to