m

Surf

public

0 stars

0 forks

0 issues

Commits

List of commits on branch master.

Unverified

bb4725b4ba08d2f06869a73ba527461206172ac7

Add libraries for `cabal build`

committed 12 years ago

Unverified

a338ac60d37022bfa7804d263e16ff9b2678ed35

Add partial HTTP downloads

committed 12 years ago

Unverified

1dc348a0c2b17c7aacb521c2c213f55b97fa9e0e

Remove conf.ini from git

committed 12 years ago

Unverified

a734ff2bda64312ddd2ce371b2b2906ed54a5748

Add README.md

committed 12 years ago

Unverified

517fc2f3e2c618d7e12078129de5b973dfc363bd

Print "Started listening …" after listening start

committed 12 years ago

Unverified

86f700d8e1b34715cabb6a8323247751afe170e2

Add `setuid` to drop privileges (change user)

committed 12 years ago

README

The README file for this repository.

Surf

Surf is a small, experimental webserver written in Haskell.

Security issues

Surf should not be considered safe.

In principle you should use authbind or privbind when setting Surf up on port 80. I could not get this to work.

Instead Surf drops priviledges via setuid. That is, it switches to the user specified in the configuration (conf.ini).

References http://stackoverflow.com/questions/394984/best-practice-to-run-linux-service-as-a-different-user http://stackoverflow.com/questions/9330367/how-to-configure-jenkins-to-run-on-port-80 http://kvz.io/blog/2009/12/15/run-nodejs-as-a-service-on-ubuntu-karmic/ http://hackage.haskell.org/trac/ghc/ticket/3910

To bind to port 80 without using sudo use the package authbind $ touch /etc/authbind/byport/80 $ chown www:www /etc/authbind/byport/80 $ chmod u+x /etc/authbind/byport/80
$ sudo -u www authbind --deep runhaskell Surf.hs
To bind to port 80 without using sudo use the package privbind
$ sudo privbind -u 1000 -g 1000 runhaskell Surf.hs