Sunday, March 28, 2021

Re: cgit about-filter in chroot (httpd + slowcgi)

Paul W. Rankin <pwr@bydasein.com> writes:

> On 2021-03-28 18:14, Omar Polo wrote:
>> Paul W. Rankin <pwr@bydasein.com> writes:
>>> The cgit about-filter doesn't want an executable to do e.g. the
>>> Markdown conversation, rather it wants a script that will return the
>>> command to perform this, e.g.:
>>> #!/bin/sh
>>> case "$1" in
>>> (*.md) exec /bin/lowdown ;;
>>> (*) exit ;;
>>> esac
>>> This works, i.e. README.md files are converted to HTML, but this
>>> requires copying the sh binary into /var/www/bin, which is the
>>> troubling part.
>>> Is this an acceptable thing to do, security-wise?
>> I don't know almost anything about cgit, but if that's really the
>> problem you could statically-link a program that does the above (just a
>> call to execl("/bin/lowdown", NULL); may be enough) and use that.
>
> Thanks Omar, I like this approach! I'm pretty green to C so this is
> what I have (which doesn't work):
>
> #include <unistd.h>
> int main(void) {
> execl("/bin/lowdown", NULL);
> }
>
> There is no HTML render but at least no errors, but cgit expects the
> resulting HTML printed to STDOUT, so I wonder whether this requires a
> return?

Assuming that the shell script you posted actually works, yes, that
snippet (with a small tweak[0]) should work. Make sure it's statically
linked.

For reference, here's how I would do it:

$ cat <<EOF > my-cgit-filter.c
#include <unistd.h>

int
main(void)
{
	/* replace this process with lowdown; stdin/stdout are inherited */
	execl("/bin/lowdown", "lowdown", NULL);
	/* only reached if execl failed */
	return 1;
}
EOF
$ cc my-cgit-filter.c -o my-cgit-filter -static
$ # check that it's actually statically linked
$ ldd my-cgit-filter
my-cgit-filter:
Start End Type Open Ref GrpRef Name
000005196d856000 000005196d87b000 dlib 1 0 0 /tmp/my-cgit-filter

--

Cheers


[0]: if you compile your snippet, clang should warn about a missing
sentinel, something along the lines of

> warning: not enough variable arguments in 'execl' declaration to fit a
> sentinel [-Wsentinel]
> execl("/bin/lowdown", NULL);

which should suggest the use of
> execl("/bin/lowdown", "lowdown", NULL);
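As an added example (not code from the thread above), here is a static wrapper that also keeps the `case "$1" in (*.md)` dispatch of the original shell script, so files that are not Markdown produce no output instead of being fed to lowdown. It assumes, as the thread does, that cgit passes the file name as the first argument and that lowdown lives at /bin/lowdown inside the chroot; build it with `cc -static` as above.

```c
/* Added example: static about-filter wrapper that mirrors the shell
 * script's dispatch. Assumptions: cgit passes the file name as argv[1]
 * (as the script's "$1" implies) and lowdown is at /bin/lowdown in the
 * chroot. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define LOWDOWN_PATH "/bin/lowdown"	/* assumed chroot path, as in the thread */

/* Return 1 if name ends in ".md", i.e. the shell script's "(*.md)" case.
 * Case-sensitive, like the shell glob. */
int
wants_markdown(const char *name)
{
	size_t len;

	if (name == NULL)
		return 0;
	len = strlen(name);
	return len >= 3 && strcmp(name + len - 3, ".md") == 0;
}

int
main(int argc, char *argv[])
{
	/* cgit runs the about-filter with the file contents on stdin and
	 * expects HTML on stdout. Anything that is not Markdown gets the
	 * script's "(*) exit" behaviour: print nothing and exit cleanly. */
	if (argc < 2 || !wants_markdown(argv[1]))
		return 0;

	/* Replace this process with lowdown. stdin/stdout are inherited, so
	 * lowdown reads the README and writes HTML straight back to cgit.
	 * The argument list is argv[0] followed by a cast NULL sentinel,
	 * which is what -Wsentinel complains about when it is missing. */
	execl(LOWDOWN_PATH, "lowdown", (char *)NULL);

	/* Only reached if execl failed, e.g. lowdown is missing from the
	 * chroot; report it on stderr so it shows up in the httpd log. */
	perror(LOWDOWN_PATH);
	return 1;
}
```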
