

A web server in a shell script - chaosmachine
http://www.debian-administration.org/article/371/A_web_server_in_a_shell_script

======
cosgroveb
The author points this out but it probably bears repeating: this
implementation is insecure as it exposes your entire filesystem to anyone who
can connect to your port 80. Use with caution :)

~~~
adamdecaf
The joy of VM's.

~~~
adambyrtek
Yeah, you should totally deploy a separate virtual machine just to serve files
from a toy Bash web server (irony).

~~~
scotth
He's right. The joy of VMs is that they let you play while throwing caution to
the wind. Tone down the snarkiness.

~~~
adambyrtek
Virtual machines are great for isolation and defense in depth, _not_ as the
only security measure. It's like believing that a firewall will magically
solve all your network security problems.

For experiments relying on that is fine, but not for anything more serious.

------
tlrobinson
See also: <http://github.com/tlrobinson/wwwoosh>

It includes a netcat-based webserver written in bash (that speaks CGI) as well
as a Sinatra-like micro "framework" for shell (that also speaks CGI) that lets
you do things like this:

    
    
        get "/DeanMartin.jpg" dean_handler
        function dean_handler () {
            header "Content-Type" "image/jpeg"
            cat "DeanMartin.jpg"
        }
    

Unfortunately I haven't figure out a way to get rid of that placeholder
function name (e.x. "dean_handler" above). Ideas?

------
zbanks
Bash is awesome.

This is one of my favorite bash scripts, it's an IRC bot in about 12 lines:

<http://inamidst.com/code/shellbot>

It's also pretty easy to add other commands & extend.

~~~
roder
Unix is awesome.

I recently had lunch with a friend and I asked him about if he was planning
new features their key/value store and I loved his answer: (paraphrased)

 _I'm a unix-guy. I want small bits of software that does one thing and does
it really well._

His point was that software these days is rarely "finished". However in Unix
so much of the software are small pieces. Each piece does one job and does it
well. Then you can fit those pieces together in all sorts of configurations to
do new and interesting things.

~~~
iuguy
The unixlike nature of certain tools is what makes the Unix architecture more
or less unique. Look at binutils and you'll find heaps of tools with amazing
abilities like dd, cat and echo. For me, vim wins over emacs precisely because
ultimately it's an editor. Emacs for me is a whole operating environment like
Gnome (although I use both and appreciate that vim can be heavily extended).

------
robertduncan
I prefer:

cd $WEB_DIR; python -m SimpleHTTPServer

~~~
JonnieCache
twistd -n web --path .

for evented goodness.

------
LiveTheDream
> you don't want the hassle of installing the full Apache package
    
    
        sudo apt-get install apache2
        sudo vim /usr/lib/cgi-bin/hello_world
        sudo chmod a+x $_
    

Not _that_ much of a hassle.

~~~
mariana
Install Apache on a VPS with 64MB or 128MB of RAM is a hassle.

~~~
haldean
Okay, replace the first line with:

    
    
        sudo apt-get install lighttpd

------
drv
This is a neat hack, but the title is a little misleading - most of the real
work is handled by inetd, not the shell script.

~~~
silentbicycle
_Should_ every server re-implement inetd, though? Why not let that handle
connections, daemontools/runit handle process supervision & logging, and focus
on what you're actually trying to do?

You don't need OOP for reusability.

In the few cases where scalability matters, you can re-implement the relevant
behavior, but that's a performance trade-off.

------
cstross
cat "$filename"

...

Oh dear. Ohdearohdearohdear.

Now all we need to do is make sure that the first character in $filename is
"&" followed by some privilege escalation exploit and ...

(Am I missing something?)

~~~
rix0r
Well the variable expansion _is_ quoted, so afaik it could only be interpreted
as a single argument to cat.

~~~
Erwin
The double quote quoting, while allowing you to do e.g. rm "file with spaces"
still expands $ and `. Compare:

echo none:`date`

echo double: "`date`"

echo single: '`date`'

~~~
js2
But it doesn't expand recursively, so "$var" is safe to protect against
special characters in var. That said, one should really read one's shell's
documentation, because there be dragons.

