ugh, web

I dislike writing CGI crap so much that it's really amusing that I'm writing a wiki.

Today I did most of the CGI parts of ikiwiki -- page editing in a web browser (with commit back via svn) and RecentChanges (pulling the logs out of svn). Still have to add logins to avoid spam, and after that I think I'll be done with the CGI side for now. It is nice to have the web-based editing interface for minor fixes to a wiki, though I've also found it very nice to be able to edit pages in vim for longer writing sessions.

I did come up with something interesting today when I wasn't doing all this CGI stuff. Since ikiwiki often needs to run with different privs than its invoker (to rebuild a wiki in a post-commit hook, or to check in a wiki page from CGI), I came up with an interesting way to securely run it setuid.

Pass ikiwiki --wrapper along with any other parameters, and it will emit a wrapper binary that is hardcoded to only run ikiwiki with those parameters. Dynamically programmed in C and compiled on the fly of course. The wrapper is designed to be completely safe to make setuid, and can be dropped into a post-commit hook, or cgi-bin, or whatever.

You can also regenerate a wrapper with ikiwiki $(./wrapper --params) --wrapper, which is useful for changing a param. So the wrappers have sort of turned into ikiwiki's equivalent of a configuration file, which it otherwise lacks.
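What a wrapper of this kind can look like in C, as an added example rather than the code ikiwiki generates: the caller's argv is never forwarded, and the environment is rebuilt from an allowlist before the exec. The target path, the baked-in parameters, the allowlist and the names clean_env and wants_params are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed values (hypothetical path and params); a generator would bake
 * the real ones in at compile time. */
static const char TARGET[] = "/usr/bin/ikiwiki";
static char *const FIXED_ARGV[] = { "ikiwiki", "/srv/wiki/src", "/srv/wiki/html", NULL };
/* Constructed allowlist: only what a CGI run needs from its invoker. */
static const char *const KEEP[] = {
    "REQUEST_METHOD", "QUERY_STRING", "CONTENT_TYPE", "CONTENT_LENGTH", NULL };
static char SAFE_PATH[] = "PATH=/usr/bin:/bin";
extern char **environ;

/* Is "NAME=value" one of the allowlisted variables? */
static int kept(const char *entry) {
    for (size_t i = 0; KEEP[i]; i++) {
        size_t n = strlen(KEEP[i]);
        if (strncmp(entry, KEEP[i], n) == 0 && entry[n] == '=') return 1;
    }
    return 0;
}

/* Child environment: fixed PATH first, then allowlisted entries only, so
 * LD_PRELOAD, IFS and the caller's PATH are dropped. Returns the entry count. */
size_t clean_env(char *const in[], char *out[], size_t cap) {
    size_t n = 0;
    if (cap < 2) { if (cap) out[0] = NULL; return 0; }
    out[n++] = SAFE_PATH;
    for (size_t i = 0; in && in[i] && n + 1 < cap; i++)
        if (kept(in[i])) out[n++] = in[i];
    out[n] = NULL;
    return n;
}

/* The only caller-supplied argument honoured: exactly "--params". */
int wants_params(int argc, char *const argv[]) {
    return argc == 2 && strcmp(argv[1], "--params") == 0;
}

int main(int argc, char *argv[]) {
    char *env[16];
    if (wants_params(argc, argv)) {   /* print baked-in params, run nothing */
        for (size_t i = 1; FIXED_ARGV[i]; i++) puts(FIXED_ARGV[i]);
        return 0;
    }
    clean_env(environ, env, sizeof env / sizeof env[0]);
    execve(TARGET, FIXED_ARGV, env);  /* caller's argv is never forwarded */
    return 1;                         /* reached only if execve failed */
}
```

Because nothing the invoker supplies reaches the exec call except allowlisted environment values, changing a parameter means generating and compiling a new wrapper.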

I suppose I might as well publish ikiwiki's documentation wiki already.