A secure inetd gopher daemon
Solene Rapenne d2c01bbae3 Document correctly about port 70 9 months ago
tests Rename main.gph into something.txt because gph could be understood as a filetype requiring a server transformation before delivering it 1 year ago
LICENSE first commit 1 year ago
Makefile first commit 1 year ago
README.md Document correctly about port 70 9 months ago
khan.8 first commit 1 year ago
main.c first commit 1 year ago

README.md

A simplistic and secure Gopher server

Khan is a Gopher server with chroot support, meant to be run from inetd.

Khan's design relies on inetd: the idea is to delegate networking to a daemon that has proven it does this correctly, so khan reads its request from stdin and writes the result to stdout. This also makes it very easy to write tests for it.

Khan is perfectly secure if run on OpenBSD: with unveil(), filesystem access is restricted to one directory (/var/gopher/ by default), and with pledge() only system calls related to reading files and handling input/output are allowed.

In addition, it's possible to run khan in a chroot and drop privileges to a dedicated user on every system on which Khan compiles.
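
The confinement described in the two paragraphs above, as an added example that is not Khan's own main.c. The function name confine, the order of calls and the pledge promise set "stdio rpath" are assumptions made for this sketch, not taken from the project.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Confine the process to dir before any request is read from stdin.
 * user == NULL means no -u: only the OpenBSD step runs. Returns 0 or -1. */
int confine(const char *dir, const char *user)
{
    const char *root = dir;

    if (user != NULL) {
        /* Resolve the account first: /etc/passwd is gone after chroot(). */
        struct passwd *pw = getpwnam(user);
        if (pw == NULL || pw->pw_uid == 0)   /* uid 0 would be no drop at all */
            return -1;
        if (chroot(dir) == -1 || chdir("/") == -1)
            return -1;
        root = "/";              /* the data directory is now the root */
        /* Order matters: supplementary groups, then gid, then uid. */
        if (setgroups(1, &pw->pw_gid) == -1 ||
            setgid(pw->pw_gid) == -1 || setuid(pw->pw_uid) == -1)
            return -1;
        if (setuid(0) == 0)      /* the drop must not be reversible */
            return -1;
    }
#ifdef __OpenBSD__
    /* Read-only view of the data directory, then lock the unveil list. */
    if (unveil(root, "r") == -1 || unveil(NULL, NULL) == -1)
        return -1;
    /* Assumed promise set: stdin/stdout I/O plus read-only file access. */
    if (pledge("stdio rpath", NULL) == -1)
        return -1;
#else
    (void)root;                  /* no unveil()/pledge() on this system */
#endif
    return 0;
}

int main(int argc, char **argv)
{
    /* usage: ./a.out [datadir [user]]; passing a user requires root */
    if (confine(argc > 1 ? argv[1] : "/var/gopher", argc > 2 ? argv[2] : NULL)) {
        fputs("confinement failed, refusing to serve\n", stderr);
        return 1;
    }
    return 0;
}
```

A caller should treat any -1 as fatal and exit without serving, since a partially applied sequence can leave the process chrooted but still privileged.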

Installing

For some systems, the library libsd may be required.

git clone https://tildegit.org/solene/khan.git
cd khan
make
sudo make install

Running tests

Khan comes with a test suite you can use with make test.

Command line parameters

Khan has a few parameters you can use in the inetd configuration.

  • -d PATH: use PATH as the data directory to serve files from. Default is /var/gopher
  • -u username: enable chroot to the data directory and drop privileges to username.

How to configure Khan using inetd

Create the directory /var/gopher/; files will be served from there. Alternatively, use the -d parameter to choose another path.

Add this line to inetd.conf:

70 stream tcp nowait gopher_user /usr/local/bin/khan khan

On OpenBSD, enable and start inetd:

# rcctl enable inetd
# rcctl start inetd

References

Khan is based on Vger source code. I didn't want to add a lot of conditional instructions to make Vger support both the Gemini and Gopher protocols.