Subject: Re: Modlisp for newbies by a newbie
From: rpw3@rpw3.org (Rob Warnock)
Date: Sat, 17 Jun 2006 05:50:25 -0500
Newsgroups: comp.lang.lisp
Message-ID: <ybqdnVmfcansQw7ZnZ2dnUVZ_rmdnZ2d@speakeasy.net>
Thomas F. Burdick <tfb@conquest.OCF.Berkeley.EDU> wrote:
+---------------
| rpw3@rpw3.org (Rob Warnock) writes:
| > Looks useful! Do you know how hard it is to get it to work with
| > local-domain (a.k.a. Unix-domain) sockets (AF_LOCAL or AF_UNIX)?
| > Many people prefer to use that when the Lisp process is on the
| > same server as Apache, to avoid the risks of having yet another
| > AF_INET socket open (the "port 3000" in your example).
| 
| If you trust the other users on your server, and you bind the socket
| to the loopback interface, you're not risking anything.  I would bet
| that cl-modlisp already does this, but if not it should be pretty
| simple to change.
+---------------

True, but if you *don't* trust the other users on your server,
local-domain sockets can still be used to protect against them.
As it says in "Unix(4)" [FreeBSD, or "unix(7)" on Linux]:

    Normal filesystem access-control mechanisms are also applied
    when referencing pathnames; e.g., the destination of a connect(2)
    or sendto(2) must be writable.

[Note: Some operating systems ignore filesystem permissions for
local-domain sockets; in this case controlling access to the
enclosing directory can be used for protection.]


-Rob

-----
Rob Warnock			<rpw3@rpw3.org>
627 26th Avenue			<URL:http://rpw3.org/>
San Mateo, CA 94403		(650)572-2607
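
The following is an added example, not part of the original post and not cl-modlisp code: a Python sketch of the protection described above, binding a local-domain socket inside a restricted directory and auditing what other users can reach. The socket name `modlisp.sock`, the modes, and the function names are assumptions; it also assumes the directory's group is the one the web server runs as.

```python
import os
import socket
import stat
import tempfile

def bind_private_socket(directory, name="modlisp.sock",  # hypothetical socket name
                        dir_mode=0o750, sock_mode=0o660):
    """Bind a listening AF_UNIX socket whose reachability is set by file modes."""
    os.makedirs(directory, exist_ok=True)
    os.chmod(directory, dir_mode)      # directory gate, for systems that ignore socket modes
    path = os.path.join(directory, name)
    if os.path.lexists(path):
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)                # stale socket left by a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)        # socket is created 0600, never briefly world-writable
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, sock_mode)          # connect(2) needs write permission on the socket
    srv.listen(5)
    return srv, path

def audit(path):
    """Return findings describing access that users outside owner/group have."""
    findings = []
    sock_mode = stat.S_IMODE(os.lstat(path).st_mode)
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    if sock_mode & stat.S_IWOTH:
        findings.append("socket is writable by other users")
    if dir_mode & stat.S_IXOTH:
        findings.append("enclosing directory is searchable by other users")
    if dir_mode & stat.S_IWOTH:
        findings.append("enclosing directory is writable by other users")
    return findings

if __name__ == "__main__":
    # Constructed demo location under a fresh temporary directory.
    srv, path = bind_private_socket(os.path.join(tempfile.mkdtemp(), "run"))
    print(path, audit(path) or "no access for other users")
    srv.close()
```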