[PATCH v5 9/9] httpd: disable execv call when applets are forced
Nadav Tasher
tashernadav at gmail.com
Thu Jan 30 11:50:28 UTC 2025
On Thu, Jan 30, 2025 at 09:07:10AM +0000, Ron Yorston wrote:
> Nadav Tasher <tashernadav at gmail.com> wrote:
> >Since httpd needs to execute a binary, we would not like
> >it to succeed when busybox is configured not to execute
> >external binaries.
>
> Since FEATURE_FORCE_APPLETS will always result in CGI scripts failing
> there's no point in enabling FEATURE_HTTPD_CGI.
>
> How about this instead:
>
> diff --git a/networking/httpd.c b/networking/httpd.c
> index 872bab6b5..a479378c2 100644
> --- a/networking/httpd.c
> +++ b/networking/httpd.c
> @@ -154,7 +154,7 @@
> //config:config FEATURE_HTTPD_CGI
> //config: bool "Support Common Gateway Interface (CGI)"
> //config: default y
> -//config: depends on HTTPD
> +//config: depends on HTTPD && !ENABLE_FEATURE_FORCE_APPLETS
> //config: help
> //config: This option allows scripts and executables to be invoked
> //config: when specific URLs are requested.
>
> Cheers,
>
> Ron
That also works.
I'll add it to my patchset along with a comment to explain it.
Nadav
More information about the busybox
mailing list