[gopher] Another batch of Motsognir questions

Martin Kukac logout128 at gmail.com
Mon Jan 4 14:20:51 UTC 2016 

Hello Mateusz,

thanks for the quick response.

1. Even though I'm from Mac back on PC for most of the time, I still 
forget about extensions :-) Scripts had the correct permissions, correct 
shebang and when I tried to run them from bash, they worked. Gophernicus 
apparently didn't care about extensions and just used whatever output 
executable file returned. After renaming to *.cgi everything works, so 
for me it's solved.

2. For me both variants are OK, the list of "gopher-served directories" 
sounds more secure though, so I would go with that.

Martin



On 01/04/2016 01:29 PM, Mateusz Viste wrote:
> Hi Martin,
>
> 1. The extension of the file matters. Try renaming your *.sh to *.cgi -
> does it work then? Do not forget to have the file marked as executable
> (chmod +x) and declare a correct shebang inside it (#!/bin/sh)
> How would you see it done another way? I'd be willing to adapt this if
> there's a way that would be significantly more user friendly.
>
> 2. Indeed motsognir doesn't allow to access anything that is not inside
> the gopher root, because... well, just because :) if something is not
> inside the gopher root, then it's not supposed to be offered by gopher.
>
> If you think it would be useful, I can add a feature that would disable
> symlink resolution while performing evasion detection checks. OR - maybe
> better - allow to declare a list of "gopher-served directories", where
> you could declare all non-gopher-root directories that are likely to be
> served via symlinks - what do you think?
>
> Mateusz
>
>
>
> On 04/01/2016 12:55, Martin Kukac wrote:
>> Hello and happy new year to all!
>>
>> I have some further questions about how (and why) Motsognir works. Even
>> though I could send it directly to Mateusz, I'm asking here, because it
>> may help others in the future. I hope y'all don't mind.
>>
>> 1. external scripts
>>
>> On my gopher server I have bash, perl and PHP scripts and the do not
>> behave the same way. I include all of them in the gophermap using "=",
>> all of them have 755 permissions, but only PHP seems to work.
>>
>> To test it I placed this in the gophermap:
>>
>> =test.pl
>> =test.sh
>> =test.php
>>
>> All files had just a single line of code, printing "iTest.PL",
>> "iTest.SH" and "iTest.PHP". The resulting gophermap returned to client
>> only the output contained only PHP output, in /var/log/messages I found
>>
>> Jan  4 12:34:47 i-logout journal: motsognir [46.13.138.74][11235]:
>> running server-side app '/var/gopher/test.php'
>>
>> Nothing else. What am I missing? I can rewrite all scripts to PHP if I
>> have to, but isn't there another way?
>>
>>
>> 2. directories outside GopherRoot
>>
>> When using Gophernicus, I had some directories all over the filesystem
>> symlinked to GopherRoot and listed through gopher. Motsognir seems to
>> prevent this because it thinks it is evasion attempt:
>>
>> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>> Requested resource: /software/ / Local resource: /var/gopher/software/
>> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>> Evasion check: path '/var/gopher/software/' (/var/ftp/pub/) do not seem
>> to belong to '/var/gopher/'
>> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>> Evasion attempt. Forbidden!
>>
>> Is this necessary? I can't imagine how there could be symlinked folder
>> without my knowledge, so this could be probably allowed.
>>
>> Thanks for the help.
>>
>> Martin

More information about the Gopher-Project mailing list