[gopher] Another batch of Motsognir questions

Mateusz Viste mateusz at viste.fr
Mon Jan 4 12:29:52 UTC 2016 

Hi Martin,

1. The extension of the file matters. Try renaming your *.sh to *.cgi - 
does it work then? Do not forget to have the file marked as executable 
(chmod +x) and declare a correct shebang inside it (#!/bin/sh)
How would you see it done another way? I'd be willing to adapt this if 
there's a way that would be significantly more user friendly.

2. Indeed motsognir doesn't allow to access anything that is not inside 
the gopher root, because... well, just because :) if something is not 
inside the gopher root, then it's not supposed to be offered by gopher.

If you think it would be useful, I can add a feature that would disable 
symlink resolution while performing evasion detection checks. OR - maybe 
better - allow to declare a list of "gopher-served directories", where 
you could declare all non-gopher-root directories that are likely to be 
served via symlinks - what do you think?

Mateusz



On 04/01/2016 12:55, Martin Kukac wrote:
> Hello and happy new year to all!
>
> I have some further questions about how (and why) Motsognir works. Even
> though I could send it directly to Mateusz, I'm asking here, because it
> may help others in the future. I hope y'all don't mind.
>
> 1. external scripts
>
> On my gopher server I have bash, perl and PHP scripts and the do not
> behave the same way. I include all of them in the gophermap using "=",
> all of them have 755 permissions, but only PHP seems to work.
>
> To test it I placed this in the gophermap:
>
> =test.pl
> =test.sh
> =test.php
>
> All files had just a single line of code, printing "iTest.PL",
> "iTest.SH" and "iTest.PHP". The resulting gophermap returned to client
> only the output contained only PHP output, in /var/log/messages I found
>
> Jan  4 12:34:47 i-logout journal: motsognir [46.13.138.74][11235]:
> running server-side app '/var/gopher/test.php'
>
> Nothing else. What am I missing? I can rewrite all scripts to PHP if I
> have to, but isn't there another way?
>
>
> 2. directories outside GopherRoot
>
> When using Gophernicus, I had some directories all over the filesystem
> symlinked to GopherRoot and listed through gopher. Motsognir seems to
> prevent this because it thinks it is evasion attempt:
>
> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
> Requested resource: /software/ / Local resource: /var/gopher/software/
> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
> Evasion check: path '/var/gopher/software/' (/var/ftp/pub/) do not seem
> to belong to '/var/gopher/'
> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
> Evasion attempt. Forbidden!
>
> Is this necessary? I can't imagine how there could be symlinked folder
> without my knowledge, so this could be probably allowed.
>
> Thanks for the help.
>
> Martin

More information about the Gopher-Project mailing list