From: "Gopher-Project" <gopher-project-bounces+rachael=telefisk.org@lists.alioth.debian.org>
Date: Thu Jan 7 09:40:15 2016
Subject: Re: [gopher] Another batch of Motsognir questions

Hello Mateusz,

many thanks for this, it works like a marvel. This was probably the last problem on my server, now I'm happy with Motsognir as I was with Gophernicus.

There was one another minor thing with Motsognir not completing automatically the itemtype "i" line with \t\tserver\tport when it's result of a script as it does when it's from plain gophermap. But I already modified all my scripts to do so, so it's not a real problem, just notice.

Again - thank you, I never had an author so quickly doing what I wanted :-)

Martin

On 01/06/2016 08:14 PM, Mateusz Viste wrote:
> Hi,
>
> I implemented a new configuration token inside Motsognir, called
> PubDirList. This is a list of "non-gopher root directories that are
> allowed to be served". It's on Motsognir's svn as of now, so feel free
> to grab it already. I believe it provides a graceful solution to the
> problem you described earlier.
>
> It should be as simple as adding this to the Motsognir's configuration
> file:
>
> PubDirList=/var/ftp/pub
>
> If you have more than one such directory, then:
>
> PubDirList=/var/ftp/pub:/var/other/stuff
>
> enjoy! :)
>
> Mateusz
>
> On 04/01/2016 15:20, Martin Kukac wrote:
>> Hello Mateusz,
>>
>> thanks for the quick response.
>>
>> 1. Even though I'm from Mac back on PC for most of the time, I still
>> forget about extensions :-) Scripts had the correct permissions, correct
>> shebang and when I tried to run them from bash, they worked. Gophernicus
>> apparently didn't care about extensions and just used whatever output
>> executable file returned. After renaming to *.cgi everything works, so
>> for me it's solved.
>>
>> 2. For me both variants are OK, the list of "gopher-served directories"
>> sounds more secure though, so I would go with that.
>>
>> Martin
>>
>> On 01/04/2016 01:29 PM, Mateusz Viste wrote:
>>> Hi Martin,
>>>
>>> 1. The extension of the file matters. Try renaming your *.sh to *.cgi -
>>> does it work then? Do not forget to have the file marked as executable
>>> (chmod +x) and declare a correct shebang inside it (#!/bin/sh)
>>> How would you see it done another way? I'd be willing to adapt this if
>>> there's a way that would be significantly more user friendly.
>>>
>>> 2. Indeed motsognir doesn't allow to access anything that is not inside
>>> the gopher root, because... well, just because :) if something is not
>>> inside the gopher root, then it's not supposed to be offered by gopher.
>>>
>>> If you think it would be useful, I can add a feature that would disable
>>> symlink resolution while performing evasion detection checks. OR - maybe
>>> better - allow to declare a list of "gopher-served directories", where
>>> you could declare all non-gopher-root directories that are likely to be
>>> served via symlinks - what do you think?
>>>
>>> Mateusz
>>>
>>> On 04/01/2016 12:55, Martin Kukac wrote:
>>>> Hello and happy new year to all!
>>>>
>>>> I have some further questions about how (and why) Motsognir works. Even
>>>> though I could send it directly to Mateusz, I'm asking here, because it
>>>> may help others in the future. I hope y'all don't mind.
>>>>
>>>> 1. external scripts
>>>>
>>>> On my gopher server I have bash, perl and PHP scripts and they do not
>>>> behave the same way. I include all of them in the gophermap using "=",
>>>> all of them have 755 permissions, but only PHP seems to work.
>>>>
>>>> To test it I placed this in the gophermap:
>>>>
>>>> =test.pl
>>>> =test.sh
>>>> =test.php
>>>>
>>>> All files had just a single line of code, printing "iTest.PL",
>>>> "iTest.SH" and "iTest.PHP".
>>>> The resulting gophermap returned to client
>>>> only the output contained only PHP output, in /var/log/messages I found
>>>>
>>>> Jan 4 12:34:47 i-logout journal: motsognir [46.13.138.74][11235]:
>>>> running server-side app '/var/gopher/test.php'
>>>>
>>>> Nothing else. What am I missing? I can rewrite all scripts to PHP if I
>>>> have to, but isn't there another way?
>>>>
>>>>
>>>> 2. directories outside GopherRoot
>>>>
>>>> When using Gophernicus, I had some directories all over the filesystem
>>>> symlinked to GopherRoot and listed through gopher. Motsognir seems to
>>>> prevent this because it thinks it is evasion attempt:
>>>>
>>>> Jan 4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>> Requested resource: /software/ / Local resource: /var/gopher/software/
>>>> Jan 4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>> Evasion check: path '/var/gopher/software/' (/var/ftp/pub/) do not seem
>>>> to belong to '/var/gopher/'
>>>> Jan 4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>> Evasion attempt. Forbidden!
>>>>
>>>> Is this necessary? I can't imagine how there could be symlinked folder
>>>> without my knowledge, so this could be probably allowed.
>>>>
>>>> Thanks for the help.
>>>>
>>>> Martin

_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
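
Added example, not part of the thread and not Motsognir's source: a sketch of the kind of check discussed above, where a requested path is resolved through symlinks and then accepted only if it lies under the gopher root or under one entry of a colon-separated list written like the PubDirList value. The function names are hypothetical, and the configured directories are assumed to be canonical absolute paths.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if canonical `path` is `dir` (its first dirlen bytes) or lies below it. */
static int is_within(const char *path, const char *dir, size_t dirlen) {
    while (dirlen > 1 && dir[dirlen - 1] == '/') dirlen--; /* "/a/b/" -> "/a/b" */
    if (dirlen == 0 || strncmp(path, dir, dirlen) != 0) return 0;
    if (dirlen == 1 && dir[0] == '/') return 1;            /* "/" holds everything */
    /* boundary test: "/var/ftp/pub" must not match "/var/ftp/public" */
    return path[dirlen] == '\0' || path[dirlen] == '/';
}

/* Check an already-canonical path against the gopher root and a
 * colon-separated list of extra directories (PubDirList-style syntax). */
int path_allowed(const char *canon, const char *root, const char *publist) {
    if (is_within(canon, root, strlen(root))) return 1;
    for (const char *p = publist; p && *p; ) {
        size_t n = strcspn(p, ":");
        if (is_within(canon, p, n)) return 1;   /* empty entries never match */
        p += n;
        if (*p == ':') p++;
    }
    return 0;
}

/* Resolve symlinks and ".." first, then check; unresolvable paths are refused. */
int resource_allowed(const char *local, const char *root, const char *publist) {
    char canon[PATH_MAX];
    if (realpath(local, canon) == NULL) return 0;
    return path_allowed(canon, root, publist);
}

int main(void) {
    /* Constructed input: the symlink target shown in the log excerpt above. */
    const char *target = "/var/ftp/pub/";
    printf("no list:   %d\n", path_allowed(target, "/var/gopher/", NULL));
    printf("with list: %d\n",
           path_allowed(target, "/var/gopher/", "/var/ftp/pub:/var/other/stuff"));
    return 0;
}
```

Comparing the resolved path rather than the requested one is what keeps a symlink from silently widening what the server offers; the list only names which resolved locations are acceptable.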