Subject: Re: Modlisp for newbies by a newbie
From: (Rob Warnock)
Date: Sat, 17 Jun 2006 05:50:25 -0500
Newsgroups: comp.lang.lisp
Message-ID: <>
Thomas F. Burdick <tfb@conquest.OCF.Berkeley.EDU> wrote:
| (Rob Warnock) writes:
| > Looks useful! Do you know how hard it is to get it to work with
| > local-domain (a.k.a. Unix-domain) sockets (AF_LOCAL or AF_UNIX)?
| > Many people prefer to use that when the Lisp process is on the
| > same server as Apache, to avoid the risks of having yet another
| > AF_INET socket open (the "port 3000" in your example).
| If you trust the other users on your server, and you bind the socket
| to the loopback interface, you're not risking anything.  I would bet
| that cl-modlisp already does this, but if not it should be pretty
| simple to change.

True, but if you *don't* trust the other users on your server,
local-domain sockets can still be used to protect against them.
As it says in "Unix(4)" [FreeBSD, or "unix(7)" on Linux]:

    Normal filesystem access-control mechanisms are also applied
    when referencing pathnames; e.g., the destination of a connect(2)
    or sendto(2) must be writable.

[Note: Some operating systems ignore filesystem permissions for
local-domain sockets; in this case controlling access to the
enclosing directory can be used for protection.]


Rob Warnock			<>
627 26th Avenue			<URL:>
San Mateo, CA 94403		(650)572-2607
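
Added example, not part of the original post and not cl-modlisp code: a Python sketch of the protection described above. It binds a local-domain socket inside a restricted directory, so that access is gated both by the socket's own mode and by the enclosing directory on systems that ignore socket permissions. The socket name "modlisp.sock", the modes and the function names are assumptions; in a real deployment the directory's group would be the one Apache runs under.

```python
import os
import socket
import stat

def bind_protected(sock_dir, name="modlisp.sock", dir_mode=0o750, sock_mode=0o660):
    """Bind an AF_UNIX listener inside a directory whose mode gates access."""
    os.makedirs(sock_dir, mode=0o700, exist_ok=True)
    os.chmod(sock_dir, dir_mode)       # makedirs mode is filtered by umask; set it explicitly
    path = os.path.join(sock_dir, name)
    if os.path.lexists(path):          # remove a stale socket left by a previous run
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)        # socket node is created 0600, never briefly wider
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, sock_mode)          # connect(2) needs write permission on the socket
    srv.listen(5)
    return srv, path

def audit(path):
    """Return findings for a socket path and its enclosing directory."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a socket")
    if st.st_mode & stat.S_IWOTH:
        findings.append("socket is world-writable")
    # The directory check is what still protects the socket on systems
    # that ignore permissions on the socket node itself.
    dir_st = os.stat(os.path.dirname(path))
    if dir_st.st_mode & (stat.S_IXOTH | stat.S_IWOTH):
        findings.append("directory is searchable or writable by others")
    return findings

if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()          # constructed location for the demo
    srv, path = bind_protected(os.path.join(base, "run"))
    print(path, audit(path) or "ok")
    srv.close()
```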