From: "Gopher-Project" <gopher-project-bounces+rachael=telefisk.org@lists.alioth.debian.org>
Date: Thu Jan 7 09:40:15 2016
Subject: Re: [gopher] Another batch of Motsognir questions
Hello Mateusz,
many thanks for this, it works like a marvel. This was probably the last
problem on my server, now I'm happy with Motsognir as I was with
Gophernicus.
There was one another minor thing with Motsognir not completing
automatically the itemtype "i" line with \t\tserver\tport when it's
result of a script as it does when it's from plain gophermap. But I
already modified all my scripts to do so, so it's not a real problem,
just notice.
Again - thank you, I never had an author so quickly doing what I wanted :-)
Martin
On 01/06/2016 08:14 PM, Mateusz Viste wrote:
> Hi,
>
> I implemented a new configuration token inside Motsognir, called
> PubDirList. This is a list of "non-gopher root directories that are
> allowed to be served". It's on Motsognir's svn as of now, so feel free
> to grab it already. I believe it provides a graceful solution to the
> problem you described earlier.
>
> It should be as simple as adding this to the Motsognir's configuration
> file:
>
> PubDirList=/var/ftp/pub
>
> If you have more than one such directory, then:
>
> PubDirList=/var/ftp/pub:/var/other/stuff
>
> enjoy! :)
>
> Mateusz
>
>
>
> On 04/01/2016 15:20, Martin Kukac wrote:
>> Hello Mateusz,
>>
>> thanks for the quick response.
>>
>> 1. Even though I'm from Mac back on PC for most of the time, I still
>> forget about extensions :-) Scripts had the correct permissions, correct
>> shebang and when I tried to run them from bash, they worked. Gophernicus
>> apparently didn't care about extensions and just used whatever output
>> executable file returned. After renaming to *.cgi everything works, so
>> for me it's solved.
>>
>> 2. For me both variants are OK, the list of "gopher-served directories"
>> sounds more secure though, so I would go with that.
>>
>> Martin
>>
>>
>>
>> On 01/04/2016 01:29 PM, Mateusz Viste wrote:
>>> Hi Martin,
>>>
>>> 1. The extension of the file matters. Try renaming your *.sh to *.cgi -
>>> does it work then? Do not forget to have the file marked as executable
>>> (chmod +x) and declare a correct shebang inside it (#!/bin/sh)
>>> How would you see it done another way? I'd be willing to adapt this if
>>> there's a way that would be significantly more user friendly.
>>>
>>> 2. Indeed motsognir doesn't allow to access anything that is not inside
>>> the gopher root, because... well, just because :) if something is not
>>> inside the gopher root, then it's not supposed to be offered by gopher.
>>>
>>> If you think it would be useful, I can add a feature that would disable
>>> symlink resolution while performing evasion detection checks. OR - maybe
>>> better - allow to declare a list of "gopher-served directories", where
>>> you could declare all non-gopher-root directories that are likely to be
>>> served via symlinks - what do you think?
>>>
>>> Mateusz
>>>
>>>
>>>
>>> On 04/01/2016 12:55, Martin Kukac wrote:
>>>> Hello and happy new year to all!
>>>>
>>>> I have some further questions about how (and why) Motsognir works. Even
>>>> though I could send it directly to Mateusz, I'm asking here, because it
>>>> may help others in the future. I hope y'all don't mind.
>>>>
>>>> 1. external scripts
>>>>
>>>> On my gopher server I have bash, perl and PHP scripts and the do not
>>>> behave the same way. I include all of them in the gophermap using "=",
>>>> all of them have 755 permissions, but only PHP seems to work.
>>>>
>>>> To test it I placed this in the gophermap:
>>>>
>>>> =test.pl
>>>> =test.sh
>>>> =test.php
>>>>
>>>> All files had just a single line of code, printing "iTest.PL",
>>>> "iTest.SH" and "iTest.PHP". The resulting gophermap returned to client
>>>> only the output contained only PHP output, in /var/log/messages I found
>>>>
>>>> Jan 4 12:34:47 i-logout journal: motsognir [46.13.138.74][11235]:
>>>> running server-side app '/var/gopher/test.php'
>>>>
>>>> Nothing else. What am I missing? I can rewrite all scripts to PHP if I
>>>> have to, but isn't there another way?
>>>>
>>>>
>>>> 2. directories outside GopherRoot
>>>>
>>>> When using Gophernicus, I had some directories all over the filesystem
>>>> symlinked to GopherRoot and listed through gopher. Motsognir seems to
>>>> prevent this because it thinks it is evasion attempt:
>>>>
>>>> Jan 4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>> Requested resource: /software/ / Local resource: /var/gopher/software/
>>>> Jan 4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>> Evasion check: path '/var/gopher/software/' (/var/ftp/pub/) do not seem
>>>> to belong to '/var/gopher/'
>>>> Jan 4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>> Evasion attempt. Forbidden!
>>>>
>>>> Is this necessary? I can't imagine how there could be symlinked folder
>>>> without my knowledge, so this could be probably allowed.
>>>>
>>>> Thanks for the help.
>>>>
>>>> Martin
_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
Thread start
(DIR) [gopher] Another batch of Motsognir questions
(DIR) Followup: Re: [gopher] Another batch of Motsognir questions