Re: Showing full pathname of repo

From: Colin Watson <cjwatson_at_flatline.org.uk>
Date: 2004-01-25 05:11:10 CET

On Sun, Jan 25, 2004 at 10:39:05AM +0800, plasma wrote:
> I just ran into this command:
>
> plasma_at_plasmanb:~> svn log -r 9900 -v http://svn.elixus.org/repos/
> subversion/libsvn_ra_dav/util.c:661: (apr_err=160006)
> svn: PROPFIND request failed on '/repos/!svn/vcc/default'
> subversion/libsvn_ra_dav/util.c:359: (apr_err=160006)
> svn:
> reference to non-existent revision '9900' in filesystem '/home/svnrepos/repos/db'
>
> And I noticed the full pathname of repository is shown. Is this a
> good idea to reveal the full pathname of repository?

Surely, if it matters that an attacker knows the path, you've already
lost anyway? I've found the information useful for diagnosing problems
in the past and don't see how it's a vulnerability.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Sun Jan 25 05:11:48 2004

This message: [ Message body ]
Next message: Blair Zajac: "svn.collab.net repository down"
Previous message: kfogel_at_collab.net: "Re: Showing full pathname of repo"
In reply to: plasma: "Showing full pathname of repo"
Next in thread: Mark Benedetto King: "Re: Showing full pathname of repo"
Reply: Mark Benedetto King: "Re: Showing full pathname of repo"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]