Sockets broken on Macs?
David T. Lewis
lewis at mail.msen.com
Fri Sep 22 10:24:42 UTC 2006
On Thu, Sep 21, 2006 at 09:31:45AM +0200, Georg Gollmann wrote:
> On 21.09.2006 at 03:31, John M McIntosh wrote:
> >Lastly if you dig about in the os-x unix roots you'll find sudo so
> >you can set a squeak process to run as super user to get access to
> >ports < 1024 and the user does not have to be admin. However this
> >is not a good solution you might consider some more research to see
> >how to avoid running squeak as root.
> One technique I use (with GemStone on Linux) is to use the firewall
> to map the privileged port number to an unprivileged one.
> On Linux with iptables the spell for the "nat" table is for example
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8008
That's a good suggestion.
Running the Squeak VM as root means that absolutely everything that
happens in Squeak is done with full root privileges. Don't do that.
In principle, you could also have a plugin with a primitive to
change the effective user ID for the running VM, such that you
could temporarily ask for root privilege long enough to get access
to the socket (see the unix man page for setuid). But this requires
installing the Squeak VM with special permissions, and it hardly
seems worth the trouble if you can remap the ports in some way.
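
The setuid alternative described in the message above, as an added example that is not from this thread and is not Squeak VM code: a program installed setuid-root uses root only to bind the low port, then permanently returns to the invoking user and checks that root cannot be regained. The function names are hypothetical, and port 443 is taken from the iptables rule quoted earlier.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: open a listening TCP socket. Ports < 1024 need euid 0. */
int open_listener(unsigned short port)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        int saved = errno;              /* keep the bind/listen error for the caller */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Hypothetical helper: permanently return to the invoking user's IDs.
 * Returns 0 on a verified drop, 1 if the invoking user is root, -1 on failure. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0) return -1;   /* group first, while still privileged */
    if (setuid(ruid) != 0) return -1;   /* with euid 0: sets real, effective, saved UID */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    if (ruid == 0) return 1;            /* started by root: nothing was dropped */
    if (seteuid(0) == 0) return -1;     /* root must not be recoverable */
    return 0;
}

int main(void)
{
    int fd = open_listener(443);        /* the only step that needs root */
    if (fd < 0) perror("bind 443");
    if (drop_to_real_user() != 0) { fputs("still privileged, refusing to run\n", stderr); return 1; }
    if (fd < 0) return 1;
    printf("listening on 443 as uid %d\n", (int)getuid());
    close(fd);
    return 0;
}
```

Everything after `drop_to_real_user()` runs with the caller's own privileges, but the binary still has to be installed setuid-root, which is the cost the message weighs against remapping the port.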