rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
107 Commits 2 Branches 28 Tags 5.5 MiB
C 81.7%
Roff 4.4%
Yacc 4.1%
Shell 3.2%
Makefile 1.9%
Other 4.6%
Go to file
Omar Polo ea58dab1a7 update readme 2021-01-17 09:42:10 +00:00
.gitignore conf & vhosts 2021-01-15 09:17:43 +00:00
ChangeLog set SERVER_NAME to the vhost when executing CGI scripts 2021-01-15 19:23:43 +00:00
INSTALL.gmi extend installation notes 2020-10-03 14:13:55 +02:00
LICENSE added license 2020-10-02 19:54:59 +02:00
Makefile split into two processes: listener and executor 2021-01-16 19:41:34 +00:00
README.md update readme 2021-01-17 09:42:10 +00:00
cgi.c split into two processes: listener and executor 2021-01-16 19:41:34 +00:00
ex.c split into two processes: listener and executor 2021-01-16 19:41:34 +00:00
gmid.1 conf & vhosts 2021-01-15 09:17:43 +00:00
gmid.c missing break 2021-01-17 09:34:06 +00:00
gmid.h split into two processes: listener and executor 2021-01-16 19:41:34 +00:00
iri.c wording 2021-01-16 20:14:02 +00:00
iri_test.c normalize host name when parsing the IRI 2021-01-15 09:27:42 +00:00
lex.l add protocols to the config 2021-01-15 18:55:05 +00:00
parse.y add protocols to the config 2021-01-15 18:55:05 +00:00
sample.conf add protocols to the config 2021-01-15 18:55:05 +00:00
sandbox.c we don't need to check for CGI anymore 2021-01-17 09:37:44 +00:00
utf8.c s/uri/iri since we accept IRIs 2021-01-11 13:08:00 +00:00

README.md

gmid

dead simple, zero configuration Gemini server

gmid is a simple and minimal Gemini server. It can run without configuration, so it's well suited for local development, but at the same time has a configuration file flexible enough to meet the requirements of most capsules.

gmid was initially written to serve static files, but can also optionally execute CGI scripts. It was also written with security in mind: on Linux, FreeBSD and OpenBSD is sandboxed via seccomp(2), capsicum(4)and pledge(2)+unveil(2) respectively.

Features

  • IRI support (RFC3987)
  • dual stack: can serve over both IPv4 and IPv6
  • CGI scripts
  • (very) low memory footprint
  • small codebase, easily hackable
  • virtual hosts
  • sandboxed by default on OpenBSD, Linux and FreeBSD

Drawbacks

  • not suited for very busy hosts. If you receive an high number of connection per-second you'd probably want to run multiple gmid instances behind relayd/haproxy or a different server.

Building

gmid depends a POSIX libc and libtls. It can probably be linked against libretls, but I've never tried.

See INSTALL.gmi for more info, but the build is as simple as

make

The Makefile isn't able to produce a statically linked executable (yet), so for that you have to execute by hand

make
cc -static *.o /usr/lib/lib{crypto,tls,ssl}.a -o gmid
strip gmid

to enjoy your ~2.3M statically-linked gmid.

Architecture/Security considerations

gmid is composed by two processes: a listener and an executor. The listener process is the only one that needs internet access and is sandboxed. When a CGI script needs to be executed, the executor (outside of the sandbox) sets up a pipe and gives one end to the listener, while the other is bound to the CGI script standard output. This way, is still possible to execute CGI scripts without restriction even if the presence of a sandbox.

On OpenBSD, the listener process runs with the stdio recvfd rpath inet pledges and has unveil(2)ed only the directories that it serves; the executor has stdio sendfd proc exec as pledges.

On FreeBSD, the executor process is sandboxed with capsicum(4).

On Linux, a seccomp(2) filter is installed to filter the syscalls allowed, see sandbox.c for more information on the BPF program.

In any case, you are invited to run gmid inside some sort of container/jail.