On 2021-03-28 18:14, Omar Polo wrote:
> Paul W. Rankin <[email protected]> writes:
>> The cgit about-filter doesn't want an executable to do e.g. the
>> Markdown conversion, rather it wants a script that will return the
>> command to perform this, e.g.:
>>
>>     #!/bin/sh
>>     case "$1" in
>>         (*.md) exec /bin/lowdown ;;
>>         (*) exit ;;
>>     esac
>>
>> This works, i.e. README.md files are converted to HTML, but this
>> requires copying the sh binary into /var/www/bin, which is the
>> troubling part.
>>
>> Is this an acceptable thing to do, security-wise?
>
> I know almost nothing about cgit, but if that's really the
> problem you could statically-link a program that does the above (just a
> call to execl("/bin/lowdown", NULL); may be enough) and use that.

Thanks Omar, I like this approach! I'm pretty green to C so this is what
I have (which doesn't work):

    #include <unistd.h>
    int main(void) {
    execl("/bin/lowdown", NULL);
    }

There is no HTML render but at least no errors, but cgit expects the
resulting HTML printed to STDOUT, so I wonder whether this requires a
return?
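
Added example, not part of the original thread or of cgit: a wrapper that mirrors the sh filter quoted above and can be linked statically (for instance with `cc -static`), so no shell has to be copied into /var/www/bin. It assumes, as the script does with "$1", that the file name arrives as the first argument and that the README text arrives on stdin with HTML expected on stdout.

```c
/* Added example: static wrapper mirroring the sh filter quoted above. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Path inside the web server chroot, as given in the thread. */
#define LOWDOWN "/bin/lowdown"

/* Return 1 if name ends in ".md" (the "*.md" case of the script). */
int
is_markdown(const char *name)
{
	size_t len;

	if (name == NULL)
		return 0;
	len = strlen(name);
	return len >= 3 && strcmp(name + len - 3, ".md") == 0;
}

int
main(int argc, char *argv[])
{
	/* Assumption: the file name arrives as argv[1], as "$1" does in the script. */
	if (argc < 2 || !is_markdown(argv[1]))
		return 0;	/* same as the script's "(*) exit ;;" */

	/*
	 * The first list argument becomes lowdown's argv[0]; the list must
	 * end with a (char *)NULL. stdin and stdout are inherited across
	 * exec, so lowdown reads the README and writes the HTML itself.
	 */
	execl(LOWDOWN, "lowdown", (char *)NULL);

	/* Only reached when the exec failed; stderr carries the reason. */
	perror("execl " LOWDOWN);
	return 1;
}
```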