How to run a DOS-based web server
lunduke.locals.comWith no intention of one-upping the original post, people who find this enjoyable may also check out https://secretgeek.net/dod_intro
This can’t be actual DOS, can it? It’s running Windows batch files or something?
Each time DoD pops up, someone questions the authenticity of the `dos` label — and I remain unsure of the correct response.
I think for now I’ll say —
If you believe a more authentic DoD can be created, I agree and I’ll be its first fan. I’m at the point where I think — if it’s worth being pointed out then it’s worth implementing. Bring it!!
I am literally asking whether this can run on DOS. It’s become clear that it can’t, and words mean things. Given the article is about running web servers literally on DOS, I think we can safely say it’s been brought.
Modern Windows command line is not DOS.
In my defence, Ruby on Rails contains no actual rubies or any actual rails.
Hey, I've been following your blog since forever. So happy to see you reply here.
Yes, and a lot of the functionality it uses isn't available in real DOS. It's a bit like in the UNIX world the difference between bash and sh, perhaps more so.
> This can’t be actual DOS, can it?
Not with that attitude it can't.
I thought at first it's gonna be redbean (https://redbean.dev), but turns out Cosmo/APE (despite the .com file extension) "only" supports x86-64/Windows.
I like the idea of using the attached screen to scroll logs / show stats. My next server build has a 9" touchscreen on the front panel, and I'm looking for ideas on what (&how) to show there.
(sort of) related ongoing thread:
DOS on Dope: The last MVC web framework you'll ever need (2010) - https://news.ycombinator.com/item?id=38706483 - Dec 2023 (18 comments)
So, someone needs to integrate this with https://github.com/MatthewCroughan/NixThePlanet, of course.
("Run macOS, Windows and more via a single Nix command, or simple nixosModules", aka, declarative DOS VM images)
That's nice but you can't run the Web server in the background can you? So you need to terminate it to edit index.htm?
Could you use DesQView or similar to multi-task it?
That's what I did back in the day, FrontDoor + RemoteAccess under DesQView.
Microsoft Windows will let you multitask DOS applications
They use a VM so I assume you'd simply edit offline then redeploy the machine.
you would need to make it a TSR
Better sandbox the webserver in WebAssembly
It's cool and all, but does FreeDOS support something similar to Data Execution Prevention? I know MS-DOS probably don't have it, and searching "'FreeDOS' 'Data Execution Prevention'" on DuckDuckGo yielded no result.
Serious answer to silly question: DOS applications have full control over the hardware, so it's entirely up to them. In real / V86 mode, there is no distinction between code and data pages, however you can have separate segments for code, data and stack.
There are separate CPU instructions for "near" and "far" jump/call/return, and if all code fits into a single 64K segment ("small model"), there would be no need to ever have the "far" version of these instructions in your code. So if for example a return address or function pointer were overwritten, there would still be no way for an attacker to execute data, since it is in a different segment and all control transfer would be limited to the current code segment.
A lot of the more modern software included in FreeDOS is compiled with GCC and uses a flat 32-bit address space, so it doesn't have that protection. Most of it is command line utilities ported from UNIX-like systems, with even the most trivial of them being more than 100K in file size - IMO this goes very much against the "spirit" of DOS!
It should be possible to modify the compiler and runtime library to use separate segments for code and data. Since there is no size limit in 32-bit mode, there would be no need for far pointers, just two separate address spaces. Of course the UNIX and RISC zealots don't like this because it isn't portable to every other CPU, as if that matters somehow.
Enabling page-based DEP would also be theoretically possible, but require even more effort, I think. And for what purpose?
The question might looked silly now, but the originally submitted title was "How to run a DOS-based Web Server (seriously)". Which is still the title of the article.
Since it was including the word "seriously", I thought maybe I should just ask about it for sure. It's not really fun if it's a simple web page hosted on FreeDOS one fine day, a hacked BIOS another.
I got it, it's a fun project made for fun, but still, security is always something to think about.
I learned it the hard way from my childhood SOCKS 5 proxy experiment where I tested a SOCKS 5 proxy on public network. Long story short, within 2 days of running it, one guy discovered the port via scanning, proxied it to login to my ISP account without a password (that's how the ISP set it up), and then stole all the funds in it by purchasing value add-on services for himself. It was a seemingly an all harmless and fun experiment until that happened.
My point it, if the OS don't support such basic security feature (and many other security features), maybe it's just not worth the effort? (other than just-for-fun of course)
Maybe not. COM files were, more or less, data.
You're not going to do this for security. It's purely for fun :)
Gopher support?
Cute article, but I'm not quite sure how you missed the mTCP HTTPServ program ...
What happens if you DOS a DOS server?
Cuatro
Jajajaja
I fail to see the point.
Fun experimentation