From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-2.sys.kth.se (smtp-2.sys.kth.se [130.237.32.160]) by krisdoz.my.domain (8.14.3/8.14.3) with ESMTP id pAOLYCR2018335 for ; Thu, 24 Nov 2011 16:34:13 -0500 (EST) Received: from mailscan-1.sys.kth.se (mailscan-1.sys.kth.se [130.237.32.91]) by smtp-2.sys.kth.se (Postfix) with ESMTP id E1C6314D847 for ; Thu, 24 Nov 2011 22:34:06 +0100 (CET) X-Virus-Scanned: by amavisd-new at kth.se Received: from smtp-2.sys.kth.se ([130.237.32.160]) by mailscan-1.sys.kth.se (mailscan-1.sys.kth.se [130.237.32.91]) (amavisd-new, port 10024) with LMTP id J5Uinq5V5O2V for ; Thu, 24 Nov 2011 22:34:05 +0100 (CET) X-KTH-Auth: kristaps [83.250.6.251] X-KTH-mail-from: kristaps@bsd.lv X-KTH-rcpt-to: discuss@mdocml.bsd.lv Received: from macky.local (c83-250-6-251.bredband.comhem.se [83.250.6.251]) by smtp-2.sys.kth.se (Postfix) with ESMTP id 85B2414E80D for ; Thu, 24 Nov 2011 22:34:03 +0100 (CET) Message-ID: <4ECEB84A.20203@bsd.lv> Date: Thu, 24 Nov 2011 22:34:02 +0100 From: Kristaps Dzonsons User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0) Gecko/20111105 Thunderbird/8.0 X-Mailinglist: mdocml-discuss Reply-To: discuss@mdocml.bsd.lv MIME-Version: 1.0 To: discuss@mdocml.bsd.lv Subject: man.cgi in "online" mode Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi, If you're looking at commits and tech@ messages, you'll notice a lot of work in apropos(1) and mandocdb(8). What's not mentioned much is man.cgi, which is similar to existing man.cgi scripts but with the power of our apropos(1) and mandoc(1) as a renderer. To date, I've designed man.cgi to run in "secure" and "insecure" mode. "Insecure" mode is for non-jailed CGI processes, scanning the system's mandocdb(8) (like apropos(1)) and formatting output with mandoc(1). The "secure" mode uses mandocdb(8) databases and a cache of pre-formatted manpages, both kept fresh with the new-born manup(8) utility. One triggers insecure mode by passing the $INSECURE variable to the CGI script. The question is as follows: is an "insecure" mode reasonable? It's a security risk to allow a CGI to fork()/exec() at all, which makes it unlikely for public-facing servers. But it's a hassle to set up and maintain a server just for internal manpages. And do manuals really change so much that on-line rendering is necessary? The "secure" mode cache is freshened with a single command invocation, only updating what's out of date (quickly, at that). My thought is to write a Firefox add-in to do this instead, but it seems that somebody in discuss@-land may have a better idea. Or better yet, might think this idea awesome enough to do on their own -- all the code to interact with mandocdb(8) is already in man.cgi (cgi.c). The benefits are that it kicks some complexity out of man.cgi and lets me focus more on a single purpose, instead of spreading out over two. Of course, this limits to Firefox. I happen to despise Firefox, but am not sure if other solutions beyond a standalone daemon like cupsd. Thoughts? Take care, Kristaps -- To unsubscribe send an email to discuss+unsubscribe@mdocml.bsd.lv