Thomas F. Burdick <tfb@conquest.OCF.Berkeley.EDU> wrote:
| firstname.lastname@example.org (Rob Warnock) writes:
| > Looks useful! Do you know how hard it is to get it to work with
| > local-domain (a.k.a. Unix-domain) sockets (AF_LOCAL or AF_UNIX)?
| > Many people prefer to use that when the Lisp process is on the
| > same server as Apache, to avoid the risks of having yet another
| > AF_INET socket open (the "port 3000" in your example).
| If you trust the other users on your server, and you bind the socket
| to the loopback interface, you're not risking anything. I would bet
| that cl-modlisp already does this, but if not it should be pretty
| simple to change.
True, but if you *don't* trust the other users on your server,
local-domain sockets can still be used to protect against them.
As it says in "Unix(4) [FreeBSD, or "unix(7)" on Linux]:
Normal filesystem access-control mechanisms are also applied
when referencing pathnames; e.g., the destination of a connect(2)
or sendto(2) must be writable.
[Note: Some operating systems ignore filesytems permissions for
local-domain sockets; in this case controlling access to the
enclosing directory can be used for protection.]
Rob Warnock <email@example.com>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607