Projects / GN gopher server

GN gopher server

GN is a fast, light and (for 1995 standards) secure gopher server. An effort is underway to fix the known buffer overflows and bring GN up to par with today's standards.

Tags
Licenses
Operating Systems
Implementation

Last announcement

upcoming changes 10 Jun 2014 13:57

for the record: if anyone is still using the http / html functionality or some legacy OS, you have until end of june (20140630 GMT 00h00) to speak up. if you require this code, i expect you to accept maintaining the html parts as a patch by your or to move towards wn httpd which was from the same original maintainers (i personally prefer boa, fnord or gatling for such things). if you still require legacy os support, i expect you to take care of the diff vs the regular release. current plan is to start flensing old code at 20140701 (new reference platform will be openbsd 5.5, with portability as a seperate patch) and full removal of all http/html code, to make it a pure gopher server. all patches will be vs last official release (2.24). all subsystems which are not essential to gopher protocol usage and all platforms which do not offer a useful c-library can expect limited to no support from my side - seperate patches welcome, will distribute them. regarding SSL/TLS: this code cleanup may (eventually) lead to supporting libressl.org SSL library, should i have enough time at hand. tl:dr: after 20140630 supported platform = openbsd-release, no httpd or legacy code. libressl is a second goal, should time allow.

Recent releases

  •  26 Feb 2002 08:17

    Release Notes: This release includes initial fixes and patchsets. Some fixes have been backed out again, due to reimplementation using strlcpy/strlcat. Documentation was added for these functions. This release is not for use on production servers.

    Recent comments

    30 Oct 2011 20:35 xripclaw

    @markhobley:
    i already ran audits using rats, its4, flawfinder.
    basically it needs a redesign and porting to more useful libraries (safe str cat/copy implementations, bsd-like etc). also, since no one really needs a httpd mixed anymore, http should be cut out. i currently don't have the time to do proactive maintenance on this one - burgreports will get fixed.

    it is as "secure" as a 15 year old application can be, that was designed with a security like mindset (watch the wording !), but never designed for an internet as bad as today.

    and i did not even rant about the performance yet...

    btw - this and other projects may move server soon.

    01 Nov 2010 19:58 markhobley

    xripclaw wrote:
    > development is currently on ice, since no one seems to use it.
    > basically the code is stable, but i wouldn`t trust it against network or local attackers.

    It is a pity this project is halted. What security issues are there with this software? We could do with a security audit on this software.

    12 Apr 2006 05:39 xripclaw

    update information
    development is currently on ice, since no one seems to use it. if there are questions or problems feel free to mail me, i`ll step up again on this.

    basically the code is stable, but i wouldn`t trust it against network or local attackers.

    Screenshot

    Project Spotlight

    OpenStack4j

    A Fluent OpenStack client API for Java.

    Screenshot

    Project Spotlight

    TurnKey TWiki Appliance

    A TWiki appliance that is easy to use and lightweight.