[BusyBox] httpd
Glenn Engel at Home
glenne at engel.org
Sun Jan 5 12:58:03 UTC 2003
> > Attached are patches for busybox httpd support against the latest cvs
> > with the new config scheme.
> >
> > Any chance this can be integrated into a future release anytime soon ?
> >
>
> Applied, i havent looked too closely at the code though, i hope its
> relatively secure.
Thanks ! I guess relatively secure it a good description. It should be
free from any internal buffer over-run issues and it does not allow .. in
url requests. It doesn't chroot when executing cgi as this is busybox after
all and I figured it was up to the script writer to worry about what access
the script provided. When authentication is enabled, the server uses a
telnetd.hosts style ip address validation as well as being able to specify
username/password on a url or directory basis by creating a httpd.conf file.
One of the very nice convenience features is that for POST or GET requests
it puts all the arguments into environment variables named CGI_<name>. In
the process it does url decoding so special characters are not represented
as hex anymore. This allows a script to do something like:
if [ "${CGI_myvar" = "something" ]...
I hope to put all this stuff into a man page soon.
--
Glenn
More information about the busybox
mailing list