Package: ejabberd
Version: 1.1.2-6
Severity: important

If you try to configure ejabberd to bind to port 80 or 443, by modifying
ejabberd.cfg, the following behaviour is observed:
- you can successfully start the process
- ejabberd binds to configured ports above 1023
- ejabberd is not bound to configured ports below 1024

The bug: no error is generated to say why the ports below 1024 are not 
bound.

Ultimately, it is failing to bind to ports below 1024 because it is 
started as the user ejabberd instead of the user root.

Corrections:
- documentation (README.Debian) should inform the user that it is not 
possible to bind on port 80 or 443 because the process is not running as 
root
- ejabberd should log an error and possibly refuse to start if any of 
the configured ports cannot be bound successfully
- there should be a feature that allows ejabberd to start as root, bind 
to the required ports, and then change to the ejabberd user (similar to 
the way the `named' process behaves)

Why this is important, documentation:
- for usage of Jabber to spread, we must make it easy to get through 
firewalls
- many corporate firewalls, by default, will only allow the `HTTP 
Connect' proxy method to connect to servers on port 443
- configuring ejabberd to listen on port 443 is a very effective way 
to allow incoming connections from users who are behind firewalls

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages ejabberd depends on:
ii  adduser                3.102             Add and remove users and groups
ii  debconf [debconf-2.0]  1.5.11            Debian configuration management sy
ii  erlang-base            1:11.b.2-4        Concurrent, real-time, distributed
ii  erlang-nox             1:11.b.2-4        Concurrent, real-time, distributed
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libexpat1              1.95.8-3.4        XML parsing C library - runtime li
ii  libssl0.9.8            0.9.8c-4etch1     SSL shared libraries
ii  openssl                0.9.8c-4etch1     Secure Socket Layer (SSL) binary a
ii  ucf                    2.0020            Update Configuration File: preserv
ii  zlib1g                 1:1.2.3-13        compression library - runtime

ejabberd recommends no packages.

-- debconf information excluded
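
The start-up sequence requested under "Corrections", as an added example in C. It is not part of the original report and is not ejabberd's code. It tries every configured port, logs the reason for each failure, refuses to start if any bind failed, and only then drops from root to an unprivileged account and checks that the drop cannot be undone. The ports 5222 and 443 are a constructed sample configuration, and uid/gid 65534 is an assumed stand-in for the ejabberd account.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() under strict -std modes */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on one TCP port; log the reason and return -1 on failure. */
int bind_listener(in_port_t port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);   /* sin_addr stays 0 = INADDR_ANY */
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 16) < 0) {
        fprintf(stderr, "cannot listen on port %u: %s\n", (unsigned)port, strerror(errno));
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

/* Try every configured port so each failure is logged; 0 only if all bound. */
int open_listeners(const in_port_t *ports, size_t n, int *fds) {
    int failed = 0;
    for (size_t i = 0; i < n; i++)
        if ((fds[i] = bind_listener(ports[i])) < 0) failed = 1;
    if (failed)                          /* refuse to start half-configured */
        for (size_t i = 0; i < n; i++)
            if (fds[i] >= 0) { close(fds[i]); fds[i] = -1; }
    return failed ? -1 : 0;
}

/* Switch to uid/gid for good: supplementary groups first, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* regaining root must fail */
}

int main(void) {
    const in_port_t ports[] = { 5222, 443 };   /* constructed sample config */
    int fds[2];
    if (open_listeners(ports, 2, fds) < 0) return 1;
    if (drop_privileges(65534, 65534) < 0) { perror("drop_privileges"); return 1; }
    return 0;   /* the accept loop would run here as the unprivileged user */
}
```

The order inside drop_privileges matters: once setuid() has succeeded the process can no longer change its groups, so a reversed order would leave root's group memberships in place.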


