]> cat aescling's git repositories - httpd-execline.git/commit
adjust hiding client input to satisfy toybox
authorsingle-right-quote <34298117+single-right-quote@users.noreply.github.com>
Wed, 8 Sep 2021 00:32:50 +0000 (00:32 +0000)
committersingle-right-quote <34298117+single-right-quote@users.noreply.github.com>
Wed, 8 Sep 2021 01:11:08 +0000 (01:11 +0000)
commit4bdf6c469143f404ba12b72aaadbe77d828d8c3b
tree58a25f3d720fb0e2f9b119a3e94cc311e7a8e58e
parent376b498583c13358cad526ad3d43dc5fe35990c7
adjust hiding client input to satisfy toybox

when done reading from the client, we defensively close stdin, to
prevent potential bugs being exploitable to malicious input

toybox opens /dev/null if stdin does not exist, which crashes in a
chrooted evironment. piping in an empty string more or less
accomplishes the same thing as closing stdin would

i really do not know why toybox found this necessary.
visible-to-httpd/binaries/http-error-response.execline
visible-to-httpd/binaries/httpd.execline