From owner-freebsd-questions  Thu May 18 06:17:05 1995
Return-Path: questions-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id GAA07794
          for questions-outgoing; Thu, 18 May 1995 06:17:05 -0700
Received: from wc.cdrom.com (wc.cdrom.com [192.216.223.37])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id GAA07785
          for <questions@FreeBSD.org>; Thu, 18 May 1995 06:17:04 -0700
Received: from localhost (jasper.ncbc.edu [199.86.32.171])
          by wc.cdrom.com (8.6.12/8.6.12) with ESMTP id GAA22127
          for <questions@FreeBSD.org>; Thu, 18 May 1995 06:17:05 -0700
Received: from h002.ncbc.edu (h002.ncbc.edu [199.199.28.2]) by localhost (8.6.9/8.6.9) with SMTP id IAA23219 for <questions@FreeBSD.org>; Thu, 18 May 1995 08:14:27 GMT
Message-Id: <199505180814.IAA23219@localhost>
Date: Thu, 18 May 95 08:13:17 -0700
From: Sean McGee <smmcgee@ncbc.edu>
Organization: North Central University
X-Mailer: Mozilla 1.1N (Windows; I; 16bit)
MIME-Version: 1.0
Newsgroups: alt.security
To: questions@FreeBSD.org
Subject: WWW without httpd
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: questions-owner@FreeBSD.org
Precedence: bulk

To avoid having to buy, install, and maintain a http server, yet have 
the ability to respond to http request, I did the following.
Please tell me if there are any potential security risks.

(I run FreeBSD 2.0R (4.2BSD))

My /etc/services listens to port 80(default) for http requests.  So in my
inetd.conf I simply add a line:
www  stream  tcp  nowait  root   /bin/cat    cat /filename.html

Now, when an http client contacts that port, the file 'filename.html'
is catted back to them and is performing the function of a
'poor man's http server'

I have now assigned several ports to do the same thing in order to layer
pages.
I have even assigned a .gif file to a port and as long as the http client
is told that it is a gif, then it has no problems displaying it as a gif.
example:
http://some.place.com:80   and   http://some.place.com:80/bogusfile.gif
do the exact same thing, but the client sees the 'bogusfile.gif' and
displays the file as a gif.

My questions are:
What is the catch?  Have I missed something?

Yes, I know.  This is very CHEAP. But it costs nothing.

TIA,

-sean
smmcgee@ncbc.edu
sysadmin@ncbc.edu