Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 267024 - Anon web CVS path disclosure, security
Summary: Anon web CVS path disclosure, security
Status: RESOLVED FIXED
Alias: None
Product: Websites
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-21 21:17 UTC by Kanstantsin Shautsou
Modified: 2010-05-09 02:30 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kanstantsin Shautsou 2009-04-21 21:17:30 UTC 
http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/guide-localizaton.xml?r1=1.52&r2=1.54
Python Traceback gives full path for web cvs scrpit.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2009-04-22 16:22:16 UTC 
The paths of viewcvs don't bug me, because they are are knowable anyway since people can see we are running viewcvs.

The base path of /var/www/viewcvs.gentoo.org isn't really critical either. If there's an easy way to trim that out of the exception traceback, sure I'll take it, but I'm not going to go overboard to fix this.
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-05-09 02:30:49 UTC 
closing bug, non issue in new deployment which will be live soon.