2012-11-04

Website Now Served By Go

I’m now serving this website using the following Go code:

package main

import "net/http"

func main() {
    panic(http.ListenAndServe(":80", http.FileServer(http.Dir("/home/cberry/blog/public"))))
}

I had to use setcap with capabilities(7) to get this to work on port 80, since I haven’t been able to figure out how to modify or write the Go code to bind to port 80 and then drop privileges afterwards. Arguably capabilities is the better tool, as it doesn’t require me to switch to root initially to run the process, before dropping privileges. However, it is also less familiar to me, so I’m not as certain that I’m not leaving some other kind of security hole through my ignorance.

Binding Privileged Port with Setcap

Here is the command I had to run to allow an executable to bind to port 80 without running the executable itself as root:

setcap 'cap_net_bind_service=+ep' <executable_file>

I’m not sure whether you would also have to include the "inheritable" flag for it to work on a multithreaded executable or not. Also, the file must be a true executable; it will not work if it is a shell script or a file being executed via an interpreter without additional steps.

setcap is in package libcap2-bin in Debian and Ubuntu. It installs in /sbin and setcap itself must be run as root (or via sudo I suppose).
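
To check what a process started from the setcap'd binary actually holds at run time, the capability masks in /proc/<pid>/status can be decoded. The Go program below is an added example, not code from the original post; the names parseCaps, extraCaps and sampleStatus are hypothetical and the sample status text is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// CAP_NET_BIND_SERVICE is capability number 10 in <linux/capability.h>.
const capNetBindService = uint64(1) << 10

// Constructed sample of /proc/<pid>/status for a non-root server started from
// a binary carrying cap_net_bind_service=+ep (not captured from a real host).
const sampleStatus = "Name:\tblog\nUid:\t1000\t1000\t1000\t1000\n" +
	"CapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n" +
	"CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\n"

// parseCaps returns the Cap* hex masks found in /proc/<pid>/status text.
func parseCaps(status string) (map[string]uint64, error) {
	caps := map[string]uint64{}
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		kv := strings.SplitN(sc.Text(), ":", 2)
		if len(kv) != 2 || !strings.HasPrefix(kv[0], "Cap") {
			continue
		}
		mask, err := strconv.ParseUint(strings.TrimSpace(kv[1]), 16, 64)
		if err != nil {
			return nil, fmt.Errorf("%s: %v", kv[0], err)
		}
		caps[kv[0]] = mask
	}
	return caps, sc.Err()
}

// extraCaps returns the permitted or effective bits other than
// CAP_NET_BIND_SERVICE; zero means the process holds nothing beyond it.
func extraCaps(caps map[string]uint64) uint64 {
	return (caps["CapPrm"] | caps["CapEff"]) &^ capNetBindService
}

func main() {
	caps, err := parseCaps(sampleStatus) // swap in the text of /proc/<pid>/status
	if err != nil {
		panic(err)
	}
	fmt.Printf("can bind low ports: %v, extra capabilities: %#x\n", caps["CapEff"]&capNetBindService != 0, extraCaps(caps))
}
```

A non-zero extra-capabilities mask for the running server means the process holds more than cap_net_bind_service, for example because it was started as root.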

Website Generator Rewritten Using Go

I have now completed the rewrite of my blog generation software in Go. I’ll have more analysis of the comparison with other languages at some point.

C# Release Handle (Pointer)

Here are links to how to release an IntPtr:
