[gopher] Gopherlogs!
Wesley Teal
wesleyteal at gmail.com
Tue Jan 12 22:49:20 UTC 2010
On Tue, 12 Jan 2010, Kim Holviala wrote:
> Almost worked with kgopherd.... I wasn't giving the arguments in argv[]
but
> in $QUERY_STRING like in CGI's. And I'm not sure if I'm comfortable with
> calling binaries using arguments gotten from the internets...
>
> Need to think about it before I implement argv[] support.
Kim,
Thanks for giving it a try. I understand the security concerns which is
why germ voids it's $ENV{PATH} variable and doesn't allow user or group id
to be changed, and doesn't call any external programs, etc. But of
course, not every script will take the proper precautions (and I may not
have even taken _all_ the precautions I should have, just the ones I knew
to take.)
Bucktooth allows arguments to be passed straight to the script, so I
used that because it was simple. However, it also passes executables an
environmental variable "SELECTOR" which, with a little more parsing,
could be used the same as argv[]. If you pass me along some references
for how kgopherd handles CGI, I can try to make germ more friendly to your
server. If kgopherd is roughly CGI compliant, I could just refer to that
standard, I suppose.
My goal is to make germ as server independent as possible.
Thanks,
Wesley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gopher-project/attachments/20100112/82a6f6be/attachment.htm>
More information about the Gopher-Project
mailing list