httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: printing r->filename for access denied errors
Date Fri, 16 Mar 2012 14:12:56 GMT
On 16 Mar 2012, at 3:50 PM, Nick Kew wrote:

> Yes, there is harm.  Exposing filesystem information will bring
> in a flood of vulnerability reports.  Remember the kerfuffle we
> had about inodes appearing in etags?

ETags are seen by clients, we're talking about a message in error_log. Since when did writing
stuff to the error_log become a vulnerability?

Regards,
Graham
--


Mime
View raw message