davidaparicio
commented
12 years ago I totaly agree! We must used privileges only for the port. And if we don't give theses rights, node.js must listening on a other port > 1024 (like 1337).
Open jankeromnes opened 12 years ago
davidaparicio
commented
12 years ago I totaly agree! We must used privileges only for the port. And if we don't give theses rights, node.js must listening on a other port > 1024 (like 1337).
jankeromnes
commented
9 years ago A few solutions for this: http://syskall.com/dont-run-node-dot-js-as-root/
Notably:
iptables to redirect ports 80 and 443 to higher ports such as 3080 and 3443
Files and metadata are written on disk as
root. This is horrible. We should fix this. Administrator privileges should only be used on what they're asked for, namely listening on a port < 1024.Side note: The title of the issue is a reference to EFF's new coder's rights sticker https://eff.org/r.3abJ