Comments for GN gopher server
xripclaw wrote:
> development is currently on ice, since no one seems to use it.
> basically the code is stable, but i wouldn`t trust it against network or local attackers.
It is a pity this project is halted. What security issues are there with this software? We could do with a security audit on this software.
update information
development is currently on ice, since no one seems to use it. if there are questions or problems feel free to mail me, i`ll step up again on this.
basically the code is stable, but i wouldn`t trust it against network or local attackers.
@markhobley:
i already ran audits using rats, its4, flawfinder.
basically it needs a redesign and porting to more useful libraries (safe str cat/copy implementations, bsd-like etc). also, since no one really needs a httpd mixed anymore, http should be cut out. i currently don't have the time to do proactive maintenance on this one - burgreports will get fixed.
it is as "secure" as a 15 year old application can be, that was designed with a security like mindset (watch the wording !), but never designed for an internet as bad as today.
and i did not even rant about the performance yet...
btw - this and other projects may move server soon.