1. 21

  2. 10

    This is probably good thread to mention BCHS, it’s a sane software stack comprised of OpenBSD, C, httpd and SQLite.

    1. 5

      A related rabbit hole that goes deep

      1. 5

        That is more of a parallel path, as BSD awk’s usually don’t implement these GNU awk extensions.

      2. 3

        I implemented a build-log parsing web app that would show which parts of the build failed using awk cgi. I’ll be really honest, I don’t recommend it. AWK is great if it is all you have, but compared to something like, python, perl, javascript, etc, it isn’t very pretty to build big parsers in, that correctly emit json or html. I can recommend CGI as a whole though, it’s great for quickly adding a hacky api to any service, especially if it is internal or has low volume. A lot of the stuff at my work is implemented like this since the engineering org is maybe ~25 people.

        Also, why the chroot? hopefully this behavior can be turned off. trying to copy over the interpreter and hoping ldd catches all the linked components seems troublesome for no real benefit. what would the scripts even usefully do in such a limited context?

        1. 5

          httpd with chroot is the default on OpenBSD. The philosophy is: why give an attacker able to compromise your web-app access to your entire system?

        2. 1

          Nice reminder how ubiquitous environment variables were (and still are).