Complete.Org: Mailing Lists: Archives: gopher: January 2002:
[gopher] Re: Security issues in Gopher?
Home

[gopher] Re: Security issues in Gopher?

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: gopher@xxxxxxxxxxxx
Subject: [gopher] Re: Security issues in Gopher?
From: John Goerzen <jgoerzen@xxxxxxxxxxxx>
Date: 22 Jan 2002 08:56:36 -0500
Reply-to: gopher@xxxxxxxxxxxx

Robert Hahn <rhahn@xxxxxxxxxx> writes:

> of Gopher, I'm wondering:  with the recent work that has gone into it, 
> have the programmers for the project made an effort to tackle security 
> on a proactive basis instead of a reactive one?  I would hardly be 
> unique by saying I don't want my system hacked. :)

Yes.  Several people have gone at the code removing the most onerous
of the buffer overflows -- hundreds of fixes in all.

This does not mean that the code is absolutely secure, but it is far
better than it was.  There's always more auditing that could be done.

> pretty sound to me (ie: user 'nobody' can't really do a whole lot of 
> damage) so I'm wondering what it would take for me to run gopherd as 
> nobody - and better still, why people are running it as root.

You can not only run gopherd as nobody (see -u) but you can also run
it chroot, which is more than you get with Apache even.

-- John


[Prev in Thread] Current Thread [Next in Thread]