07:13 pm - Okay... I'm officially geeking out now.
Building a web server from scratch with very
unique properties, so it's easier to build anew than try to retrofit onto an existing platform unless I want some seriously-wasted memory and file-system space.
Specifically, it's meant to be used to 'catch' web access attempts and handle logging in unknown users via a username/password combination. More generally, the username is ignored, and only used for logging reasons, the password is meant for a given event, and pretty much event-wide. It's all plain-text, but sniffing isn't really an issue for the intended deployment targets, and the added processing-power for encryption is overhead we actually have a reason to avoid.
Two threads, a master 'root priv' thread, with a secondary 'web server' thread, with the code segment marked read-only, and the secondary thread not having the privledges to change the read-only attribute on that code. The 'web server' thread is chrooted, and setuid/setgid to a non-privledged user, and generally buried in a directory mounted read-only from a ROMFS with no access whatsoever.
Communications are nice and simple between the threads, with the web thread having a single page of memory it can write to, where it can add a single MAC address, enable it's own SIGUSR1 and SIGALRM handlers, then SIGUSR1 the root thread, set a 30-second alarm(), and pause(). That causes the root thread to pick up and process the one MAC address, zero out the buffer, and SIGUSR1 the web thread to 'wake it up' again.
Lemme guess... I just killed an anthill with an ICBM, didn't I?0 comments