Received: with LISTAR (v1.0.0; list gopher);
 Tue, 15 Jan 2002 11:22:08 -0500 (EST)
Return-Path: <jgoerzen@complete.org>
Delivered-To: gopher@complete.org
Received: from erwin.complete.org (cc62016-a.indnpls1.in.home.com
 [24.36.182.146])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(Client CN "erwin.complete.org",
 Issuer CN "John Goerzen -- Root CA" (verified OK))
	by pi.glockenspiel.complete.org (Postfix) with ESMTP
	id 3954A3B811; Tue, 15 Jan 2002 11:22:08 -0500 (EST)
Received: by erwin.complete.org (Postfix, from userid 1000)
	id 5F33075832; Tue, 15 Jan 2002 11:22:07 -0500 (EST)
To: "Stefan Koerner (ROCK Linux)" <ripclaw@nerd.clifford.at>
Cc: <bkarger@scn.org>, <stefan.koerner@db.com>, gopher@complete.org
Subject: [gopher] Re: finally i find other gopherfans... (gn maintainer)
References: <Pine.LNX.4.33.0201150204300.1663-100000@nerd.clifford.at>
From: John Goerzen <jgoerzen@complete.org>
Date: Tue, 15 Jan 2002 11:22:07 -0500
In-Reply-To: <Pine.LNX.4.33.0201150204300.1663-100000@nerd.clifford.at>
 ("Stefan
 Koerner's message of "Tue, 15 Jan 2002 02:17:13 +0100 (CET)")
Message-ID: <877kqjbn4g.fsf@complete.org>
Lines: 60
User-Agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Common Lisp,
 alpha-debian-linux)
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-archive-position: 329
X-listar-version: Listar v1.0.0
Sender: gopher-bounce@complete.org
Errors-to: gopher-bounce@complete.org
X-original-sender: jgoerzen@complete.org
Precedence: bulk
Reply-to: gopher@complete.org
List-help: <mailto:listar@complete.org?Subject=help>
List-unsubscribe: <mailto:gopher-request@complete.org?Subject=unsubscribe>
List-software: Listar version 1.0.0
X-List-ID: Gopher <gopher.complete.org>
List-subscribe: <mailto:gopher-request@complete.org?Subject=subscribe>
List-owner: <mailto:jgoerzen@complete.org>
List-post: <mailto:gopher@complete.org>
List-archive: <http://www.complete.org/mailinglists/archives/>
X-list: gopher


Hello Stefan!

"Stefan Koerner (ROCK Linux)" <ripclaw@nerd.clifford.at> writes:

> i have an entire mirror of the 1997 site archived on tape,
> and the tarball for the last official release up on my homepage
> at http://www.rocklinux.org/people/ripclaw/software/gopher -
> sorry for not having a gopher, it wasn`t secure enough.

I'm glad to hear about someone maintaining gn!  I had thought it had
died out into oblivion.

> seeing other people release something the like is an enourmous
> boost to my morale, and will finally get me onto my ass and fixing
> some of the source soon.

Excellent :-)

If you need any resources (esp. CVS repository or some such), let me
know.

> since you guys probably went through the same thing,
> where is sufficient info on security related changes
> (str*n* functions in C) avialable ?

Hmm.  You might start here:

http://rr.sans.org/threats/buffer_overflow.php

Basically, these functions are often unsafe:

  strcpy
  strcat
  sprintf
  gets

It's because you can copy a string larger than the destination into
it.  In place, you'd want to use the "n" functions -- strncpy, etc.

> i tried feeding the info to my brain from manpages,
> but i seem to misunderstand it.

Feel free to ask any questions here.


> my dreams currently focus on a gopher-only multithreading server
> with ssl/tsl support and a ssh-for-telnet trade.

Nice.

You might want to look over CVS diffs from UMN gopherd to get an idea
of the stuff that has been changed.

> i ran into some compile problems with gopher-3.0.2 on my box,
> i`ll find time and figure out.

You might want to send the build log to me and I'll see what I can
find.