[BusyBox] httpd

Glenn Engel at Home glenne at engel.org
Sun Jan 5 12:58:03 UTC 2003


> > Attached are patches for busybox httpd support against the latest cvs
> > with the new config scheme.
> >
> > Any chance this can be integrated into a future release anytime soon ?
> >
>
> Applied, i havent looked too closely at the code though, i hope its
> relatively secure.

Thanks !  I guess relatively secure it a good description.  It should be
free from any internal buffer over-run issues and it does not allow .. in
url requests.  It doesn't chroot when executing cgi as this is busybox after
all and I figured it was up to the script writer to worry about what access
the script provided.  When authentication is enabled, the server uses a
telnetd.hosts style ip address validation as well as being able to specify
username/password on a url or directory basis by creating a httpd.conf file.

One of the very nice convenience features is that for POST or GET requests
it puts all the arguments into environment variables named CGI_<name>.  In
the process it does url decoding so special characters are not represented
as hex anymore.  This allows a script to do something like:

if [ "${CGI_myvar" = "something" ]...

I hope to put all this stuff into a man page soon.

--
Glenn




More information about the busybox mailing list