[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Two new bugs on SF...
From: |
Christian Pearce |
Subject: |
Re: Two new bugs on SF... |
Date: |
Thu, 28 Jul 2005 11:50:15 -0400 |
On Wed, 2005-07-27 at 13:36 -0700, Eric Sorenson wrote:
> On Wed, 27 Jul 2005, Christian Pearce wrote:
>
> > Copying a missing file:
> >
> > * Gives me a Host authentication error.
> >
> > https://sourceforge.net/tracker/index.php?func=detail&aid=1246276&group_id=126712&atid=706640
>
> Mark has said before that this behavior is intentional, to avoid
> giving specific error information to an attacker.
But I am authenticated and the message told me the file doesn't exists.
So even if I was an attacker that somehow authenticated, I still know
the file doesn't exist.
> >
> > * elsedefine does not become defined:
> >
> > https://sourceforge.net/tracker/index.php?func=detail&aid=1246301&group_id=126712&atid=706640
>
> Yes there's definitely an assumption that the file you're trying to
> copy will exist at the source location, which does not hold true once
> you start using singlecopy. The "can't stat/auth failed" log message
> spamminess on both client and server and this problem are follow-ons
> from that assumption.
I have a relation between a client and a server. Part of the agreement
is that the file should exist. But if the cfengine stuff on server
didn't run or was not configured to run, I want to alert the client to
notify that the server might not have been setup. WE can dig into it
more, but I am exhausted at the moment.
--
Christian Pearce
Perfect Order, Inc.
http://www.sysnav.com
http://www.perfectorder.com
signature.asc
Description: This is a digitally signed message part