
Bind a web server to port 80 without being root

Tags:

c

linux

I've written my own web server in C. How can I bind it to port 80 without being root so that the security is not being compromised (buffer overflows etc.)?

Should I simply forward any traffic from another "stable" server that runs on port 80?

Frank Vilea asked May 11 '12 13:05



1 Answer

Using a forward proxy is indeed the easiest and most recommended solution. It also has the advantage of filtering horribly invalid requests before they even reach your self-written server.
In case your application uses the user's IP address for something, remember to retrieve it from whatever header your webserver uses (X-Client-IP etc.). However, only do so for requests that really come from your webserver; otherwise users can spoof their IP. You can do so by checking if the request came from your IP and only checking the header in this case, or simply make your application bind to localhost.

Another solution would be granting the program the CAP_NET_BIND_SERVICE capability. This requires root to use setcap cap_net_bind_service=ep /path/to/the/executable - since the flag is stored in a filesystem attribute, it will be lost when copying the file to another system or recompiling the application.

Of course you could also make your program setuid root and then switch to an unprivileged user right after calling bind(). However, depending on how your program works and what it does this might not be a good idea - for example, if it needs to close and reopen the listening socket for some reason it would require a full restart of the process.

ThiefMaster answered Sep 19 '22 10:09
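The header-trust rule from the answer above, as an added example that is not part of the original post: the backend uses X-Client-IP only when the TCP peer is the local proxy, and falls back to the socket address otherwise. The function name, the IPv4-only handling and the assumption that the proxy connects from 127.0.0.1 and overwrites any client-supplied copy of the header are choices made for this sketch.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumptions: the proxy on port 80 runs on this host, connects from
 * 127.0.0.1, and overwrites any client-supplied X-Client-IP header. */
#define HDR "X-Client-IP:"
/* Writes the address to log/authorize against into out (INET_ADDRSTRLEN bytes).
 * Returns 1 if it came from the header, 0 if the socket peer was used. */
int effective_client_ip(struct in_addr peer, const char *request, char *out)
{
    struct in_addr parsed;
    char value[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &peer, out, INET_ADDRSTRLEN);   /* default: socket peer */
    if (peer.s_addr != htonl(INADDR_LOOPBACK))
        return 0;               /* direct connection: header is client-controlled */
    /* Walk header lines only; stop at the blank line so the body is never scanned. */
    const char *line = strstr(request, "\r\n");
    while (line && strncmp(line, "\r\n\r\n", 4) != 0) {
        line += 2;
        if (strncasecmp(line, HDR, strlen(HDR)) == 0) {
            const char *v = line + strlen(HDR);
            v += strspn(v, " \t");
            size_t len = strcspn(v, "\r\n");
            if (len >= sizeof value)
                return 0;       /* oversized value: keep the peer address */
            memcpy(value, v, len);
            value[len] = '\0';
            if (inet_pton(AF_INET, value, &parsed) != 1)
                return 0;       /* empty or invalid IPv4 literal: keep the peer */
            inet_ntop(AF_INET, &parsed, out, INET_ADDRSTRLEN);
            return 1;
        }
        line = strstr(line, "\r\n");
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: a request as forwarded by the local proxy. */
    const char *req = "GET / HTTP/1.1\r\nX-Client-IP: 203.0.113.7\r\n\r\n";
    struct in_addr peer = { htonl(INADDR_LOOPBACK) };
    char ip[INET_ADDRSTRLEN];
    int from_header = effective_client_ip(peer, req, ip);
    printf("client: %s (from header: %d)\n", ip, from_header);
    return 0;
}
```

Binding the backend's listening socket to 127.0.0.1 makes the direct-connection branch unreachable from the network, but keeping the peer check means a later change to the bind address does not silently re-enable spoofing.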