On 2021-03-28 18:14, Omar Polo wrote:
> Paul W. Rankin <pwr@bydasein.com> writes:
>> The cgit about-filter doesn't want an executable to do e.g. the
>> Markdown conversation, rather it wants a script that will return the
>> command to perform this, e.g.:
>>
>> #!/bin/sh
>> case "$1" in
>> (*.md) exec /bin/lowdown ;;
>> (*) exit ;;
>> esac
>>
>> This works, i.e. README.md files are converted to HTML, but this
>> requires copying the sh binary into /var/www/bin, which is the
>> troubling part.
>>
>> Is this an acceptable thing to do, security-wise?
>
> I don't know almost anything about cgit, but if that's really the
> problem you could statically-link a program that does the above (just a
> call to execl("/bin/lowdown", NULL); may be enough) and use that.
Thanks Omar, I like this approach! I'm pretty green to C so this is what
I have (which doesn't work):
#include <unistd.h>
int main(void) {
execl("/bin/lowdown", NULL);
}
There is no HTML render but at least no errors, but cgit expects the
resulting HTML printed to STDOUT, so I wonder whether this requires a
return?
No comments:
Post a Comment