Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

RE: CVS commit: src/libexec/httpd



Haai,

On Wed, October 17, 2007 00:08, Karsten Kruse wrote:
> Mindaugas R. schrieb:
>
>[snip]
>>> Import of bozohttpd for its originally intended purpose: a small (~30k)
>>> simple run-from-inetd httpd suitable for small systems (and some large
>>> ones).
>
> This httpd works fine with NetBSD and is only ~1,5 k:
>
> #!/bin/sh -e
>
> # httpd.sh - Very small webserver
> # Karsten Kruse 2004 2005 www.tecneeq.de
>[snip script]

This approach has multiple issues:

1) It's typical shell code. I can identify loads of problems with the coding
   style affecting actual execution; some of them form well-known security
   holes that are trivial to exploit;
2) Does not approach nor exceed the capabilities of bozohttpd;
3) Interpretation causes excessive CPU load.

As for points 1 and 3: I'm currently working on it. However, in the mean
time, we'll have to take a more conservative approach.

> MFG,
>
> Karsten Kruse
>
> --
>
>    ()
>   <\/>           GPL-guy: "Argh, they used my code! :-/"
>   _/\_           BSD-guy: "Cool, they used my code! :-)"

Ha!

Baai,

De Zeurkous
-----------

Friggin' Machines!




Home | Main Index | Thread Index | Old Index