get rid of the CGI support

I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.

This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0.  It also allows to have more secure
defaults.

On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD' capsicum(4) and I don't want to go thru the pain of making it
work under linux' seccomp/landlock.  Patches are always welcome however.

For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were
FastCGI applications.

fixes for the documentation and to the non-OpenBSD sandboxes will
follow.

1 files changed, 4 insertions, 4 deletions

diff --git a/README.md b/README.md
index 4263391..ca18f85 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ featureful server.
  - IRI support (RFC3987)
  - automatic certificate generation for config-less mode
  - reverse proxying
- - CGI and FastCGI support
+ - FastCGI support
  - virtual hosts
  - location rules
  - event-based asynchronous I/O model
@@ -75,9 +75,6 @@ server "example.com" {
 	# lang for text/gemini files
 	lang "en"
 
-	# execute CGI scripts in /cgi/
-	cgi "/cgi/*"
-
 	# only for locations that matches /files/*
 	location "/files/*" {
 		# generate directory listings
@@ -141,6 +138,9 @@ to the `contrib` directory.
 
 ## Architecture/Security considerations
 
+**outdated: revisit for gmid 2.0**
+
+
 gmid is composed by four processes: the parent process, the logger,
 the listener and the executor.  The parent process is the only one
 that doesn't drop privileges, but all it does is to wait for a SIGHUP