Received: with ECARTIS (v1.0.0; list gopher);
 Mon, 22 Jul 2002 08:39:34 -0500 (EST)
Return-Path: <jgoerzen@complete.org>
Delivered-To: gopher@complete.org
Received: from christoph.complete.org (christoph.complete.org [10.201.0.200])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(Client CN "christoph.complete.org",
 Issuer "John Goerzen -- Root CA" (verified OK))
	by pi.glockenspiel.complete.org (Postfix) with ESMTP
	id 403333B81F; Mon, 22 Jul 2002 08:39:34 -0500 (EST)
Received: by christoph.complete.org (Postfix, from userid 1000)
	id 2B4851660B; Mon, 22 Jul 2002 08:39:22 -0500 (EST)
Date: Mon, 22 Jul 2002 08:39:22 -0500
From: John Goerzen <jgoerzen@complete.org>
To: gopher@complete.org, rcooley@myrealbox.com
Subject: [gopher] Re: [Fwd: Re: Gopher+ Suggestion]
Message-ID: <20020722133922.GL1410@complete.org>
References: <3D3BBB13.8090405@myrealbox.com>
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D3BBB13.8090405@myrealbox.com>
User-Agent: Mutt/1.4i
Content-Transfer-Encoding: 8bit
X-archive-position: 654
X-ecartis-version: Ecartis v1.0.0
Sender: gopher-bounce@complete.org
Errors-to: gopher-bounce@complete.org
X-original-sender: jgoerzen@complete.org
Precedence: bulk
Reply-to: gopher@complete.org
List-help: <mailto:ecartis@complete.org?Subject=help>
List-unsubscribe: <mailto:gopher-request@complete.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-ID: Gopher <gopher.complete.org>
X-List-ID: Gopher <gopher.complete.org>
List-subscribe: <mailto:gopher-request@complete.org?Subject=subscribe>
List-owner: <mailto:jgoerzen@complete.org>
List-post: <mailto:gopher@complete.org>
List-archive: <http://www.complete.org/mailinglists/archives/>
X-list: gopher


On Mon, Jul 22, 2002 at 12:58:11AM -0700, R. Cooley wrote:
> 
> I'm way ahead of you.  I've already been using the hostalias feature. 
>  One problem is just that it does make setup more complicated, and 
> Gopher+ less flexible.  My problem is that I choose to run gopherd as a 
> normal user, rather than as Root.  Of course, that prevents the use of 
> any port below 1024.

OK, I've made a patch to pygopherd that adds a new "advertisedport" feature
that will do what you need.  I'm including the patch below; download 3.0.0
and apply the patch to it.  It will go into 3.0.1 when it is released.

PyGopherd lives at gopher://quux.org/1/devel/gopher/pygopherd or
http://quux.org/devel/gopher/pygopherd.

> If I used chroot to secure gopher+, I could use port 70, but I avoid 

The port number had nothing to do with chroot; it has things to do with
root.

> http://sourceforge.net/tracker/index.php?func=detail&aid=567313&group_id=11118&atid=311118

Well, your analysis pits privilege dropping and chroot versus starting as a
non-privileged user and not using chroot.  I don't believe that your "not
trusting the program to properly drop privileges" argument holds water when
you're dealing with software that you have the source code to.  You can
check for yourself to see.  In Pygopherd's case, you can read
pygopherd/initialization.py.  In gopherd's case, you can read gopherd.c and
serverutil.c.

Personally, I would (and do) trust PyGopherd completely.

If you accept as a given that the privilege dropping is done properly, then
I think it is self-evident that chroot mode is more secure than not.

-- John


-- 
John Goerzen <jgoerzen@complete.org>    GPG: 0x8A1D9A1F    www.complete.org