Summary: Mild security concern with event cache: server
setup commands shown to client
Submitted by: cazfi
Submitted on: Wednesday 02/24/2010 at 19:29
Severity: 3 - Normal
Priority: 1 - Later
Assigned to: None
Discussion Lock: Any
Operating System: None
When starting, server echoes commands used to setup server to console. At
least "read" command is problematic as it takes filesystem path as parameter.
This reveals information about server computer internals.
Previously this was not a problem as clients connect only after these
messages have been shown. Now, with even cache, they are stored and shown to
Reply to this item at:
Message sent via/by Gna!
Freeciv-dev mailing list