From d29a2ee2246e1b1b0c5222a823820e42422c894e Mon Sep 17 00:00:00 2001 From: Omar Polo Date: Tue, 6 Sep 2022 16:11:09 +0000 Subject: get rid of the CGI support I really want to get rid of the `executor' process hack for CGI scripts and its escalation to allow fastcgi and proxying to work on non-OpenBSD. This drops the CGI support and the `executor' process entirely and is the first step towards gmid 2.0. It also allows to have more secure defaults. On non-OpenBSD systems this means that the sandbox will be deactivated as soon as fastcgi or proxying are used: you can't open sockets under FreeBSD' capsicum(4) and I don't want to go thru the pain of making it work under linux' seccomp/landlock. Patches are always welcome however. For folks using CGI scripts (hey, I'm one of you!) not all hope is lost: fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were FastCGI applications. fixes for the documentation and to the non-OpenBSD sandboxes will follow. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 4263391..ca18f85 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ featureful server. - IRI support (RFC3987) - automatic certificate generation for config-less mode - reverse proxying - - CGI and FastCGI support + - FastCGI support - virtual hosts - location rules - event-based asynchronous I/O model @@ -75,9 +75,6 @@ server "example.com" { # lang for text/gemini files lang "en" - # execute CGI scripts in /cgi/ - cgi "/cgi/*" - # only for locations that matches /files/* location "/files/*" { # generate directory listings 
@@ -141,6 +138,9 @@ to the `contrib` directory. ## Architecture/Security considerations +**outdated: revisit for gmid 2.0** + + gmid is composed by four processes: the parent process, the logger, the listener and the executor. The parent process is the only one that doesn't drop privileges, but all it does is to wait for a SIGHUP -- cgit v1.2.3
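Review bot: In the feature list hunk (`@@ -16,7 +16,7 @@`), the entry becomes `- FastCGI support` with no hint that CGI scripts can still be served through a wrapper. The commit message names fcgiwrap and OpenBSD's slowcgi(8) as the way forward, but the README is what most users will read. Consider extending the bullet, or adding a short line near it, saying that CGI scripts can be run as FastCGI applications via one of those wrappers, so the removal does not read as a dead end.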
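Review bot: In the example configuration hunk (`@@ -75,9 +75,6 @@`), the `cgi "/cgi/*"` lines are removed without leaving any migration note, and the README does not say what happens to an existing configuration that still contains a `cgi` rule. Since this diff is limited to README.md, the parser behaviour is not visible here; please document whether such a config is now rejected at load time or the rule is silently ignored. A silently ignored rule would be the worse outcome, because the operator gets no signal that the scripts under that path are no longer handled as intended. A one-line comment in the example at the spot where the rule used to be, pointing to the FastCGI wrapper route, would cover it.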
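Review bot: In the "Architecture/Security considerations" hunk (`@@ -141,6 +138,9 @@`), the added `**outdated: revisit for gmid 2.0**` marker sits above text that still says gmid is "composed by four processes: the parent process, the logger, the listener and the executor", although this commit removes the executor. A banner over a known-wrong description is weak for the one section operators use to judge isolation. I would fix the process list in this same change and state here what the commit message already says: on non-OpenBSD systems the sandbox is deactivated as soon as fastcgi or proxying are used. That is a change in the security posture of the listener and belongs in the README, not only in the commit log. Minor: the hunk adds two blank lines after the marker where one is enough.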