Commits
- Commit:
070b32952caf91e2f7f7598230236fdd872f99e5
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move and dedup the tls initalization in server.c
- Commit:
df5058c919cbd1538d0a04cb2a4c179c0291566f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
provide a more usual fatal
fatal usually appends the error string. Add 'fatalx' that doesn't.
Fix callers and move the prototypes to log.h
- Commit:
a01a91db06a943ef0cc8fbb7294786814a63b65c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move some server-related code to server.c
- Commit:
1e0b974519c8228e271b2b6e677c1b8f9a109b6b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
send capsicum/landlock/seccomp hack to Valhalla
- Commit:
eb4f96c10afcf8806cbbff3087aa0850e3fc9905
- From:
- Omar Polo <op@omarpolo.com>
- Date:
typo
- Commit:
534afd0ddcba7c3d2f8478e89db026010c6190c5
- From:
- Omar Polo <op@omarpolo.com>
- Date:
make the various strings in the config fixed-length
will help in future restructuring to have fixed-size objects.
- Commit:
d040746a37a2af87b1b4ffe746e2f3b9231576f1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
server: inline dispatch_imsg
- Commit:
0126d91d1d80d7d8e794b2176556fce969f165cd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add ge: gemini export!
- Commit:
760009951357d4c36991c4c6a62db973289b32d9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
optionally disable the sandbox on some systems
The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy'
configuration rules: new sockets needs to be opened and it's either
impossible (the former) or a huge pain in the arse (the latter).
The sandbox is still always used in case only static files are served.
- Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
get rid of the CGI support
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows to have more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD' capsicum(4) and I don't want to go thru the pain of making it
work under linux' seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were
FastCGI applications.
fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
- Commit:
543f4a66fec191b16621ae4f7783782131a3b067
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a trailing / for dirs in the directory index.
- Commit:
a555e0d67baef271ffe4a186326ee5f1c16fff75
- From:
- Omar Polo <op@omarpolo.com>
- Date:
copyright years
- Commit:
f2f8eb35c86c4e1c1d858e782c864deac0511cd3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
encode file names in the directory index
Spotted the hard way by cage
- Commit:
3bd4a6dea08fc977e314877cefed1c6fdd6b1613
- From:
- Omar Polo <op@omarpolo.com>
- Date:
log when it fails to open a file because of permissions
- Commit:
ea27eaaa83d61792e75858dc624c58fe1fa13dc9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix an out-of-bound access in start_cgi
Long time ago, client->req was a static buffer so the memcpy was safe.
However, it's been since moved to a dynamically allocated string, so
it's very often smaller than sizeof(req.buf) (1024), hence the out of
bound access which results in a SIGSEGV very often on OpenBSD thanks to
Otto' malloc.
The situation with the iri parser, client->req and how the request is
forwarded to the other process needs to be improved: this is just a fix
to address the issue quickly, a better one would be to restructure the
iri parser APIs and rethink how the info is forwarded to the ex process.