#1
permission to bind a socket to port 843?
I have written a flash socket security file server in PHP. The basic idea is that when Flash Player connects via socket to a server, the first thing it does is connect to port 843 and send a request for a 'socket policy file' by sending the string <policy-file-request/>.
The problem I have is that in order to launch this daemon script, I apparently need root level access in order to bind a socket to any port under 1024. Can anyone recommend some way to let this PHP script bind to port 843 without needing root-level access? That seems like a big security risk to me -- especially if I want to launch this daemon using a PHP page hosted by Apache. Giving Apache root-level access sounds like a VERY BAD idea.
#2
Sadly, you are likely stuck starting up as root.
Other daemons start up as root, then listen to their < 1024 port, then they change user id to the user that they are supposed to be for the rest of the session. The only other easy alternative is to choose a higher port number.
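The start-as-root, bind, then change user id sequence described in the reply above, written in PHP for the port 843 policy server from the first post. This is an added example, not code from any poster in the thread; the account name `nobody` and the policy contents are assumptions.

```php
<?php
// Added example. RUN_AS is an assumption: any dedicated unprivileged account.
const RUN_AS = 'nobody';
// Constructed sample policy (placeholder domain and port); NUL-terminated reply.
const POLICY = '<cross-domain-policy><allow-access-from domain="app.example.com"'
    . ' to-ports="9000"/></cross-domain-policy>' . "\0";

function dropPrivileges(string $user): void
{
    $pw = posix_getpwnam($user);
    if ($pw === false || $pw['uid'] === 0) {
        throw new RuntimeException("no unprivileged account named '$user'");
    }
    // Order matters: groups and gid can only be changed while still root.
    if (!posix_initgroups($user, $pw['gid'])
        || !posix_setgid($pw['gid'])
        || !posix_setuid($pw['uid'])) {
        throw new RuntimeException('privilege drop failed');
    }
    // Fail closed if root can be regained or a root id remains.
    if (@posix_setuid(0) || posix_getuid() === 0 || posix_geteuid() === 0) {
        throw new RuntimeException('still privileged after drop');
    }
}

if (posix_geteuid() !== 0) {
    fwrite(STDERR, "start as root: binding a port below 1024 requires it\n");
    exit(1);
}
// 1. Bind while root; the listening socket stays usable after the drop.
$server = stream_socket_server('tcp://0.0.0.0:843', $errno, $errstr);
if ($server === false) {
    fwrite(STDERR, "bind failed: $errstr\n");
    exit(1);
}
// 2. Drop root before reading a single byte from the network.
dropPrivileges(RUN_AS);
// 3. Serve policy requests as the unprivileged user.
while (true) {
    $conn = @stream_socket_accept($server, -1);
    if ($conn === false) { continue; }
    stream_set_timeout($conn, 5);
    $request = fread($conn, 64);
    // Prefix match accepts the request with or without the closing slash.
    if (is_string($request) && strpos($request, '<policy-file-request') === 0) {
        fwrite($conn, POLICY);
    }
    fclose($conn);
}
```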
#3
Thanks for your response.
Unfortunately, Flash is hard-wired to connect to 843 when looking for a socket policy file. If it fails to find a server on that port, it will try to find a policy file on the port it is trying to connect to, so you can build policy file handling into your application. This doesn't really work for me as I have written an AMF3-based protocol for my application server and to get a string that says "<policy-file-request>" rather than a 4-byte length indicator makes things pretty complicated. That approach you describe sounds like something I eventually must do. I'd like the policy server daemon to be like Apache or MySQL in that it starts up when the machine reboots -- so you don't have to manually start it, etc. Can you point me toward any resources which might explain how I could set up my script as a startup daemon which runs as root and then relinquishes its permissions?
#4
|
||||
|
||||
|
Does Flash send a full HTTP request surrounding <policy-file-request/>? Or just the string itself? If it's a full HTTP request, could you configure your Apache to load an additional VHost, which listens on Port 843? If so, create a small CGI script that always returns your policy file.
#5
It is not a full HTTP request. It is only "<policy-file-request>".
#6
One way, if you use Solaris or OpenSolaris, would be to grant limited privileges to the process. In your case, that would be PRIV_NET_PRIVADDR.