ugh, web
I dislike writing CGI crap so much that it's really amusing that I'm writing a wiki.
Today I did most of the CGI parts of ikiwiki -- page editing in a web browser (with commit back via svn) and RecentChanges (pulling the logs out of svn). Still have to add logins to avoid spam, and after that I think I'll be done with the CGI side for now. It is nice to have the web-based editing interface for minor fixes to a wiki, though I've also found it very nice to be able to edit pages in vim for longer writing sessions.
I did come up with something interesting today when I wasn't doing all this CGI stuff. Since ikiwiki often needs to run with different privs than its invoker (to rebuild a wiki in a post-commit hook, or to check in a wiki page from CGI), I came up with an interesting way to securely run it setuid.
Pass ikiwiki --wrapper
along with any other parameters, and it will emit
a wrapper binry that is hardcoded to only run ikiwiki with those
parameters. Dynamically programmed in C and compiled on the fly of course.
The wrapper is designed to be completly safe to make setuid, and can be
dropped into a post-commit hook, or cgi-bin, or whatever.
You can also regenerate a wrapper with
ikiwiki $(./wrapper --params) --wrapper
, which is useful for changing a
param. So the wrappers have sort of turned into ikiwiki's equivilant
of a configuration file, which it otherwise lacks.
I suppose I might as well put publish ikiwiki's documentation wiki already.