💾 Archived View for gemini.jorl.fi › gemlog › bug captured on 2024-03-21 at 15:14:23. Gemini links have been rewritten to link to archived content


I found a bug on my server and smashed it

Yesterday I found a bug on my Gemini server. I proceeded to smash it as fast as I could. Here's the proof:

/gemlog/bug/bug.jpg

Oh my, there is a bug in displaying the image of the bug...

Jokes aside, I have successfully improved my server a little bit. I originally wanted to write my own server, because I wanted the power to tweak the content and its serving to my liking. Finally I have reached ultimate tweakiness! My server now executes executable files when they are requested. They get the query string of the requested URL through their STDIN, and their STDOUT is served to the user.

This is obviously incredibly risky. A lot riskier than smashing a six-footed creature sitting peacefully on my server. A path traversal attack would escalate directly to a remote execution attack. Not to mention how easy it is to not validate user input properly or not quote a bash variable.
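
One way to keep a path traversal from turning into execution of arbitrary files, written as an added example and not the code of the server described in this post. It assumes the URL path has already been percent-decoded and that executables live only under a `cgi-bin` directory inside the capsule root; `Action`, `decide` and `run_script` are hypothetical names.

```rust
use std::fs;
use std::io::Write;
use std::path::{Component, Path, PathBuf};
use std::process::{Command, Stdio};

/// What to do with a request (hypothetical names, not the author's server).
#[derive(Debug, PartialEq)]
pub enum Action {
    Serve(PathBuf),
    Execute(PathBuf),
    Reject,
}

/// Map an already percent-decoded URL path to a file under `root`.
/// Only files below `root/cgi-bin` (assumed layout) are ever executed.
pub fn decide(root: &Path, url_path: &str) -> Action {
    let rel = Path::new(url_path.trim_start_matches('/'));
    // Lexical check: plain name components only, so no ".." and no absolute paths.
    if !rel.components().all(|c| matches!(c, Component::Normal(_))) {
        return Action::Reject;
    }
    // Resolve symlinks, then confirm the result is still inside the root.
    let (Ok(root), Ok(full)) = (fs::canonicalize(root), fs::canonicalize(root.join(rel))) else {
        return Action::Reject;
    };
    if !full.starts_with(&root) || !full.is_file() {
        return Action::Reject;
    }
    if full.starts_with(root.join("cgi-bin")) {
        Action::Execute(full)
    } else {
        Action::Serve(full)
    }
}

/// Run the script directly, never through a shell, with the query on STDIN.
pub fn run_script(script: &Path, query: &str) -> std::io::Result<Vec<u8>> {
    let mut child = Command::new(script)
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .spawn()?;
    child.stdin.take().unwrap().write_all(query.as_bytes())?;
    Ok(child.wait_with_output()?.stdout)
}

fn main() {
    for p in ["/index.gmi", "/cgi-bin/../../bin/sh"] { // constructed requests
        println!("{p} -> {:?}", decide(Path::new("."), p));
    }
}
```

Because the query never appears on a command line, the server side has nothing to quote; a script that reads it from STDIN still has to treat it as untrusted input.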

While I enjoyed programming my self-caused Trojan horse, programming non-blocking code with Rust's 'openssl' crate has been a pain in the ass. I'll have to find another solution. Maybe I should give 'tokio' and 'tokio-openssl' a go.