id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,difficulty 448,Spiffy: allow code to be executed after dropping privileges and before accepting connections,Mario Domenech Goulart,,"Currently there is no straight forward way to make Spiffy execute code after it drops privileges and before accepting connections. One use case for this would be applications which use spiffy as HTTP server (like awful). The awful workflow is: {{{ (read/parse-command-line-options) (load-given-applications) (start-server) }}} To be able to use privileged ports (e.g., 80), the awful process has to be executed as root, so it can call Spiffy's {{{start-server}}} with enough privileges to listen on privileged ports. The privileges dropping part is also done in {{{start-server}}}. There's no entry point for code to be executed between dropping privileges and accepting connections. So, in the awful workflow, {{{(load-given-applications)}}} loads applications as root, which is a bad thing. The solution would be modifying spiffy in a way it calls a procedure after it drops privileges and before it accepts connections. An implementation option would be a parameter and/or a keyword argument for {{{start-server}}}. Another option would be splitting the implementation of {{{start-server}}}, so that we can separate the privileges dropping part from the connections accepting part. We'd have at least two procedures which could be called by users, possibly with custom code between them. For backward compatibility, {{{start-server}}} could be kept by calling the new procedures in sequence.",enhancement,closed,major,4.9.0,extensions,4.6.x,fixed,spiffy,,