[0xbadcafebee]

> No one should ever run a Bash script under CGI. It’s almost impossible to do so securely, and performance is terrible.

Actually shell scripting is the perfect language for CGI on embedded devices. Bash is ~500k and other shells are 10x smaller. It can output headers and html just fine, you can call other programs to do complex stuff. Obviously the source compresses down to a tiny size too, and since it's a script you can edit it or upload new versions on the fly. Performance is good enough for basic work. Just don't let the internet or unauthenticated requests at it (use an embedded web server with basic http auth).

[kragen]

Easy uploading of new versions is a good point, and I agree that the likely security holes in the bash script are less of a concern if only trusted users have access to it. However, about 99% of embedded devices lack an MMU, much less 50K of storage, which makes it hard to run Unix shells on them.

[0xbadcafebee]

Busybox runs MMU-less and has ash built in. It also has a web server! It can be a little chonky but you can remove unneeded components. Things like wireless routers and other devices that have a decent amount of storage are a good platform for it

[kragen]

Yeah, a lot of wireless routers would have no trouble. A lot of them do in fact have MMUs. I wonder if you could get Busybox running on an ESP32? Probably not most 8051s, though, or AVR8s.

[0xbadcafebee]

Looks like the ESP32-S3 model works with modern Linux (it's so bloated compared to the old 2.0/2.2/2.4 branches...)

The other option seems to be Apache NuttX as an RTOS (runs on all ESP32), and then Busybox w/hush or Toybox w/toysh. The more shell features you need, the more space it's gonna take, but technically 64 kB flash is possible.

[kragen]

Neat, thanks!