Re: [gopher] Gopherlogs!
On Tue, 12 Jan 2010, Kim Holviala wrote:
> Almost worked with kgopherd.... I wasn't giving the arguments in argv[] but
> in $QUERY_STRING like in CGI's. And I'm not sure if I'm comfortable with
> calling binaries using arguments gotten from the internets...
>
> Need to think about it before I implement argv[] support.
Kim,
Thanks for giving it a try. I understand the security concerns which is
why germ voids it's $ENV{PATH} variable and doesn't allow user or group id
to be changed, and doesn't call any external programs, etc. But of
course, not every script will take the proper precautions (and I may not
have even taken _all_ the precautions I should have, just the ones I knew
to take.)
Bucktooth allows arguments to be passed straight to the script, so I
used that because it was simple. However, it also passes executables an
environmental variable "SELECTOR" which, with a little more parsing,
could be used the same as argv[]. If you pass me along some references
for how kgopherd handles CGI, I can try to make germ more friendly to your
server. If kgopherd is roughly CGI compliant, I could just refer to that
standard, I suppose.
My goal is to make germ as server independent as possible.
Thanks,
Wesley
_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/gopher-project
Reply to: