💾 Archived View for rawtext.club › ~sloum › geminilist › 006376.gmi captured on 2024-03-21 at 16:27:18. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

JetForce vs. Molly Brown Server: CGI-variable SCRIPT_NAME is not present

Ben Goldberg ben at benaaron.dev

Fri Apr 16 12:11:14 BST 2021

- - - - - - - - - - - - - - - - - - - 
Know security issues
#
<https://sr.ht/~zethra/stargazer/#root-escape---pre-040>Root
escape - pre 0.4.0
Stargazer would serve files from anywhere on the file system if a path
starting with // was requested.

Yes, that is fixed in the current version! (maybe I should make that more clear in the readme) An embarrassing bug, but better to be honest about it.

stargazer is written in Rust and doesn't have any runtime dependencies(including OpenSSL). If you're on Linux, you can grab a binary from here[1] or compile it yourself. The provided binary is compiled against musl so it *should* work regardless of distro. It should also work on other OSs but I haven't done much testing. If you run into any issues please send an email to the stargazer mailing list[2].

[1]: https://git.sr.ht/~zethra/stargazer/refs/download/0.4.0/stargazer-0.4.0-x86_64-linux-musl.tar.xz[2]: https://lists.sr.ht/~zethra/stargazer