Feature #2532: Privileges drop
Status: closed
Description
Lighttpd doesn't need to start under the root user; it could start under a user with the NET_PRIVADDR elevated privilege, and drop that privilege afterwards. This could be a great security upgrade.
The attached patch file handles the privileges drop.
Updated by kukackajiri over 11 years ago
As I think about it, this should probably be an enhancement, not a bug, but I'm unable to update the bug base, and I don't want to create a duplicate enhancement, as I can't delete this bug. If you can, please update this to an enhancement. Thanks.
Updated by stbuehler over 11 years ago
- Tracker changed from Bug to Feature
Which platform? configure.ac/cmake platform check + option?
Updated by kukackajiri over 11 years ago
Platform: Solaris, but it should work on Linux as well.
A platform check would be nice, to test whether the platform supports privileges.
Updated by gstrauss about 9 years ago
- Category set to core
- Priority changed from Normal to Low
Updated by gstrauss almost 9 years ago
- Status changed from New to Missing Feedback
https://docs.oracle.com/cd/E36784_01/html/E36883/privileges-5.html#REFMAN5privileges-5
https://docs.oracle.com/cd/E36784_01/html/E36874/priv-allocset-3c.html
The patch provided by kukackajiri leaks memory: it is missing a call to priv_freeset().
Additionally, the code should probably call priv_fillset() and drop all privileges, known and unknown.
Now then, on Linux, 'man 7 capabilities' has a very different interface from Solaris privileges, and the patch is not applicable.
It would be quite an undertaking to properly provide user-friendly configuration interfaces to the various privileging and capabilities systems of different operating systems. To do so only for binding to privileged sockets would be easier, but there do not seem to be a lot of people clamoring for it, and there are a variety of already existing solutions, including starting as root and dropping privileges, having a firewall configured to rewrite packets to unprivileged (high) ports, using a proxy (haproxy, varnish, etc.) in front of the web server, using a daemon to provide bound privileged ports (https://github.com/gstrauss/bsock), virtualization (virtual machines and/or containerization), and probably many more options. Of course, there is also operating-system-specific privileging/capabilities, which is the subject of this feature request.
This feature request is not going to be a priority without a compelling argument why this should be built into lighttpd as opposed to provided by any of the external options above. For convenience, lighttpd provides the ability -- if started as root -- to do various privileged actions such as bind to privileged ports and chroot, and then drop root privileges. While that is an option, an even better security design is to have the security privilege layer managed outside of lighttpd instead of adding complexity specifically into lighttpd.
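The Linux counterpart of what the comment above describes (dropping all privileges, known and unknown, and releasing the resources afterwards), as an added example that is not code from the lighttpd patch or the lighttpd project; it assumes a Linux kernel with the v3 capability ABI and uses the raw capget/capset syscalls so that no libcap is needed.

```c
/* Added example, not from the lighttpd patch: drop every Linux capability
 * the process holds and verify the drop, via raw capget/capset (no libcap). */
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

#ifndef PR_CAP_AMBIENT           /* prctl(2) constants, Linux >= 4.3 */
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_CLEAR_ALL 4
#endif

/* Returns 0 once the permitted, effective, inheritable and ambient sets are
 * empty, -1 with errno set otherwise. Bounding set: best effort (needs CAP_SETPCAP). */
int drop_all_capabilities(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];  /* v3 = two 32-bit words, 64 bits */
    /* Bounding set: try every bit 0..63; EINVAL means "past the kernel's last cap". */
    for (int cap = 0; cap < 64; cap++)
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0 && errno == EINVAL)
            break;
    memset(&hdr, 0, sizeof hdr);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0;                            /* the calling thread */
    /* All-zero words clear every bit, including capabilities this code was not
     * compiled to know about: the Linux analogue of priv_fillset() + PRIV_OFF. */
    memset(data, 0, sizeof data);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;

    /* Ambient capabilities would survive execve(); clear them as well. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) != 0
        && errno != EINVAL && errno != ENOSYS)   /* pre-4.3 kernels */
        return -1;

    /* Re-read the sets; report success only if they really are empty now. */
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    for (int i = 0; i < 2; i++)
        if (data[i].effective || data[i].permitted || data[i].inheritable) {
            errno = EPERM;
            return -1;
        }
    return 0;
}
```

Call it right after the privileged bind() and before accepting connections; a non-zero return should abort startup rather than continue with whatever capabilities are left.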