[gopher] Another batch of Motsognir questions

Mateusz Viste mateusz at viste.fr
Mon Jan 25 19:22:07 UTC 2016


On 07/01/2016 09:35, Martin Kukac wrote:
> There was one other minor thing with Motsognir not automatically
> completing the itemtype "i" line with \t\tserver\tport when it's the
> result of a script, as it does when it's from a plain gophermap.

FWIW, I spent the day on implementing a new gophermap processing engine 
in Motsognir (available on svn only, no 'official' release yet). This 
new processing solves the problem you describe - i.e. partial gophermaps 
are filled with missing data (server, port, +resolution of relative 
paths). So far this was the case only for text gophermaps, but now it 
extends to any gophermap (dynamic, static text, and in-line scripts 
within a static gophermap).

cheers,
Mateusz




> On 01/06/2016 08:14 PM, Mateusz Viste wrote:
>> Hi,
>>
>> I implemented a new configuration token inside Motsognir, called
>> PubDirList. This is a list of "non-gopher root directories that are
>> allowed to be served". It's on Motsognir's svn as of now, so feel free
>> to grab it already. I believe it provides a graceful solution to the
>> problem you described earlier.
>>
>> It should be as simple as adding this to the Motsognir's configuration
>> file:
>>
>> PubDirList=/var/ftp/pub
>>
>> If you have more than one such directory, then:
>>
>> PubDirList=/var/ftp/pub:/var/other/stuff
>>
>> enjoy! :)
>>
>> Mateusz
>>
>>
>>
>> On 04/01/2016 15:20, Martin Kukac wrote:
>>> Hello Mateusz,
>>>
>>> thanks for the quick response.
>>>
>>> 1. Even though I'm from Mac back on PC for most of the time, I still
>>> forget about extensions :-) Scripts had the correct permissions, correct
>>> shebang and when I tried to run them from bash, they worked. Gophernicus
>>> apparently didn't care about extensions and just used whatever output
>>> executable file returned. After renaming to *.cgi everything works, so
>>> for me it's solved.
>>>
>>> 2. For me both variants are OK, the list of "gopher-served directories"
>>> sounds more secure though, so I would go with that.
>>>
>>> Martin
>>>
>>>
>>>
>>> On 01/04/2016 01:29 PM, Mateusz Viste wrote:
>>>> Hi Martin,
>>>>
>>>> 1. The extension of the file matters. Try renaming your *.sh to *.cgi -
>>>> does it work then? Do not forget to have the file marked as executable
>>>> (chmod +x) and declare a correct shebang inside it (#!/bin/sh)
>>>> How would you see it done another way? I'd be willing to adapt this if
>>>> there's a way that would be significantly more user friendly.
>>>>
>>>> 2. Indeed motsognir doesn't allow to access anything that is not inside
>>>> the gopher root, because... well, just because :) if something is not
>>>> inside the gopher root, then it's not supposed to be offered by gopher.
>>>>
>>>> If you think it would be useful, I can add a feature that would disable
>>>> symlink resolution while performing evasion detection checks. OR - maybe
>>>> better - allow to declare a list of "gopher-served directories", where
>>>> you could declare all non-gopher-root directories that are likely to be
>>>> served via symlinks - what do you think?
>>>>
>>>> Mateusz
>>>>
>>>>
>>>>
>>>> On 04/01/2016 12:55, Martin Kukac wrote:
>>>>> Hello and happy new year to all!
>>>>>
>>>>> I have some further questions about how (and why) Motsognir works.
>>>>> Even though I could send it directly to Mateusz, I'm asking here,
>>>>> because it may help others in the future. I hope y'all don't mind.
>>>>>
>>>>> 1. external scripts
>>>>>
>>>>> On my gopher server I have bash, perl and PHP scripts and they do not
>>>>> behave the same way. I include all of them in the gophermap using "=",
>>>>> all of them have 755 permissions, but only PHP seems to work.
>>>>>
>>>>> To test it I placed this in the gophermap:
>>>>>
>>>>> =test.pl
>>>>> =test.sh
>>>>> =test.php
>>>>>
>>>>> All files had just a single line of code, printing "iTest.PL",
>>>>> "iTest.SH" and "iTest.PHP". The resulting gophermap returned to the
>>>>> client contained only the PHP output; in /var/log/messages I found
>>>>>
>>>>> Jan  4 12:34:47 i-logout journal: motsognir [46.13.138.74][11235]:
>>>>> running server-side app '/var/gopher/test.php'
>>>>>
>>>>> Nothing else. What am I missing? I can rewrite all scripts to PHP if I
>>>>> have to, but isn't there another way?
>>>>>
>>>>>
>>>>> 2. directories outside GopherRoot
>>>>>
>>>>> When using Gophernicus, I had some directories all over the filesystem
>>>>> symlinked to GopherRoot and listed through gopher. Motsognir seems to
>>>>> prevent this because it thinks it is an evasion attempt:
>>>>>
>>>>> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>>> Requested resource: /software/ / Local resource: /var/gopher/software/
>>>>> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>>> Evasion check: path '/var/gopher/software/' (/var/ftp/pub/) do not
>>>>> seem
>>>>> to belong to '/var/gopher/'
>>>>> Jan  4 12:50:44 i-logout journal: motsognir [46.13.138.74][11396]:
>>>>> Evasion attempt. Forbidden!
>>>>>
>>>>> Is this necessary? I can't imagine how there could be a symlinked folder
>>>>> without my knowledge, so this could probably be allowed.
>>>>>
>>>>> Thanks for the help.
>>>>>
>>>>> Martin
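
The evasion check and the PubDirList allow-list discussed in this thread, sketched as an added example (this is not Motsognir's code): the requested path is resolved through symlinks with realpath() and accepted only if it ends up inside the gopher root or inside a directory from a colon-separated list. The function names and the temporary sandbox layout are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if canonical 'path' is 'dir' or below it ("/a-old" is not below "/a"). */
static int is_within(const char *path, const char *dir) {
  size_t n = strlen(dir);
  if (n == 1) return 1; /* a canonical dir of length 1 is "/" */
  return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* 1 if symlink-resolved 'requested' is inside 'root' or inside an entry of the
 * colon-separated 'pubdirs' list (may be NULL); unresolvable paths are denied. */
int resource_allowed(const char *requested, const char *root, const char *pubdirs) {
  char real[PATH_MAX], allowed[PATH_MAX], entry[PATH_MAX];
  if (realpath(requested, real) == NULL) return 0;
  if (realpath(root, allowed) && is_within(real, allowed)) return 1;
  for (const char *p = pubdirs; p != NULL && *p != '\0';) {
    size_t len = strcspn(p, ":");
    snprintf(entry, sizeof(entry), "%.*s", (int)len, p);
    if (len > 0 && len < sizeof(entry) && realpath(entry, allowed) &&
        is_within(real, allowed)) return 1;
    p += len + (p[len] == ':');
  }
  return 0;
}

/* Constructed sandbox: gopher/ (root), pub/, gopher-old/, plus the symlinks
 * gopher/software -> ../pub and gopher/old -> ../gopher-old; -1 on error. */
int demo(const char *name, int with_pubdirlist) {
  char base[] = "/tmp/evasionXXXXXX", p[3][PATH_MAX];
  const char *dirs[] = {"gopher", "pub", "gopher-old"};
  if (mkdtemp(base) == NULL) return -1;
  for (int i = 0; i < 3; i++) {
    snprintf(p[i], PATH_MAX, "%s/%s", base, dirs[i]);
    if (mkdir(p[i], 0700) != 0) return -1;
  }
  if (chdir(p[0]) || symlink("../pub", "software") ||
      symlink("../gopher-old", "old")) return -1;
  return resource_allowed(name, p[0], with_pubdirlist ? p[1] : NULL);
}

int main(void) {
  printf("%d %d %d\n", demo("software", 0), demo("software", 1), demo("old", 1));
  return 0;
}
```

The three verdicts printed are for the symlinked directory without an allow-list, the same directory with pub/ listed, and a symlink to a sibling whose name merely starts with the root's name.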