Looking at the source code of httpd.c from busybox 1.20.2 I see this (send_cgi_and_exit, line 1408)
/* User seeing stderr output can be a security problem. * If CGI really wants that, it can always do dup itself. */ /* dup2(1, 2); */ So it looks like it should be doing the right thing already (i.e. not sending the child's stderr to its output) Where is your busybox 1.20.2 coming from? Perhaps there have been 3rd party patches applied to it? Guillermo 2017-03-21 17:37 GMT+01:00 Dirk Lohse <d.lo...@meier-nt.de>: > Hi, > > when i run some cgi's with BusyBox internal httpd and there is some code that > writes to stdout I get the result on the HTTP site - which is desired - > because I produce HTTP-code within this cgi scripts. The output of stderr > instead should not destroy my HTML-code and could be redirected to /dev/null. > > In BusyBox v1.19.4 all was fine. But on BusyBox version v1.20.2 httpd > redirects output from stdout + stderr to the HTML-code. > > I've written a small test script to check this behavior on both versions: > > test.cgi: > #!/bin/sh > > echo "Content-Type: text/plain" > echo "Expires: 0" > echo > > echo "Hello World!" > echo "You should not see this text in your Browser" >&2 > > when I call this script on the older version, I only see "Hello World!", on > the new version instead I see also the last line. > > I've many code and libraries where everywhere an error message or warning > could happen on stdout. So changing all the code is nearly impossible, and > some warnings like "can't open file..." are necessary for debugging. > > My question: How can I tell the httpd to NOT redirect stdout to the website? > > Thanks, > Dirk > > > _______________________________________________ > busybox mailing list > busybox@busybox.net > http://lists.busybox.net/mailman/listinfo/busybox -- Guillermo Rodriguez Garcia guille.rodrig...@gmail.com _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
