
[gopher] Re: finally i find other gopherfans... (gn maintainer)



Hello Stefan!

"Stefan Koerner (ROCK Linux)" <ripclaw@nerd.clifford.at> writes:

> i have an entire mirror of the 1997 site archived on tape,
> and the tarball for the last official release up on my homepage
> at http://www.rocklinux.org/people/ripclaw/software/gopher -
> sorry for not having a gopher, it wasn`t secure enough.

I'm glad to hear about someone maintaining gn!  I had thought it had
died out into oblivion.

> seeing other people release something the like is an enormous
> boost to my morale, and will finally get me onto my ass and fixing
> some of the source soon.

Excellent :-)

If you need any resources (esp. CVS repository or some such), let me
know.

> since you guys probably went through the same thing,
> where is sufficient info on security related changes
> (str*n* functions in C) available ?

Hmm.  You might start here:

http://rr.sans.org/threats/buffer_overflow.php

Basically, these functions are often unsafe:

  strcpy
  strcat
  sprintf
  gets

It's because you can copy a string larger than the destination into
it.  In place, you'd want to use the "n" functions -- strncpy, etc.

> i tried feeding the info to my brain from manpages,
> but i seem to misunderstand it.

Feel free to ask any questions here.


> my dreams currently focus on a gopher-only multithreading server
> with ssl/tls support and a ssh-for-telnet trade.

Nice.

You might want to look over CVS diffs from UMN gopherd to get an idea
of the stuff that has been changed.

> i ran into some compile problems with gopher-3.0.2 on my box,
> i`ll find time and figure out.

You might want to send the build log to me and I'll see what I can
find.
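
An added example, not part of the original message or of any gopher server's code: bounded counterparts of the functions listed above, including the case where strncpy leaves the destination without a terminating NUL. The helper names, the 8-byte buffer and the selector strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* strcpy replacement: always NUL-terminates; -1 means src was truncated. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);  /* strncpy alone does not terminate */
    dst[dstsize - 1] = '\0';         /* when strlen(src) >= the count    */
    return strlen(src) < dstsize ? 0 : -1;
}

/* strcat replacement: strncat's count is the room left, not sizeof dst. */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;                   /* dst is not a terminated string */
    size_t room = dstsize - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

/* sprintf replacement: snprintf returns the length it needed. */
int bounded_selector(char *dst, size_t dstsize, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsize, "%s/%s", dir, name);
    return (n >= 0 && (size_t)n < dstsize) ? 0 : -1;
}

/* The strncpy pitfall: returns 1 if dst was left without a NUL. */
int strncpy_left_unterminated(void)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, "0/a/long/selector", sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

int main(void)
{
    char buf[8];                     /* constructed sample size and input */
    int rc = bounded_copy(buf, sizeof buf, "0/a/long/selector");
    printf("copy rc=%d buf=\"%s\"\n", rc, buf);
    printf("bare strncpy unterminated: %d\n", strncpy_left_unterminated());
    return 0;
}
```

For gets, the bounded counterpart is fgets(buf, sizeof buf, stdin), which stops after at most sizeof buf - 1 bytes and always terminates the buffer.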



