Fileservice sends tracebacks even when devmode is off
Bug #523564 reported by
Matt Giuca
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| IVLE |
New
|
Low
|
Unassigned | ||
Bug Description
When a jail action in fileservice throws an exception, I see a traceback in the HTTP response.
It's in the X-IVLE-Error-Info header, url-encoded. Isn't the traceback supposed to be hidden?
Not sure if this bug is reproducible or even if it's intentional.
Revision history for this message
| William Grant (wgrant) wrote | #1 |
| security vulnerability: | yes → no |
| visibility: | private → public |
To post a comment you must log in.
This is very minor, since the traceback is from a process owned by the user running inside the user's jail.