Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 267024

Summary: Anon web CVS path disclosure, security
Product: Websites Reporter: Kanstantsin Shautsou <gentoo.integer>
Component: OtherAssignee: Gentoo Infrastructure <infra-bugs>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Kanstantsin Shautsou 2009-04-21 21:17:30 UTC 
http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/guide-localizaton.xml?r1=1.52&r2=1.54
Python Traceback gives full path for web cvs scrpit.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2009-04-22 16:22:16 UTC 
The paths of viewcvs don't bug me, because they are are knowable anyway since people can see we are running viewcvs.

The base path of /var/www/viewcvs.gentoo.org isn't really critical either. If there's an easy way to trim that out of the exception traceback, sure I'll take it, but I'm not going to go overboard to fix this.
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-05-09 02:30:49 UTC 
closing bug, non issue in new deployment which will be live soon.