NetBSD Problem Report #57458

From www@netbsd.org  Fri Jun  9 13:00:52 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 02B4A1A9241
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  9 Jun 2023 13:00:52 +0000 (UTC)
Message-Id: <20230609130020.9DAF31A9244@mollari.NetBSD.org>
Date: Fri,  9 Jun 2023 13:00:20 +0000 (UTC)
From: great.sage.1003@gmail.com
Reply-To: great.sage.1003@gmail.com
To: gnats-bugs@NetBSD.org
Subject: ftp.netbsd.org has a file master.passwd visible on google
X-Send-Pr-Version: www-1.0

>Number:         57458
>Category:       security
>Synopsis:       ftp.netbsd.org has a file master.passwd visible on google
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    security-officer
>State:          closed
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 09 13:05:00 +0000 2023
>Closed-Date:    Fri Jun 09 13:12:08 +0000 2023
>Last-Modified:  Fri Jun 09 13:15:01 +0000 2023
>Originator:     Aryan Rajoria
>Release:        10 and 06/09/2023
>Organization:
Georgia Tech
>Environment:
on ftp.netbsd.org
>Description:
file `master.passwd` visible on
https://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/etc/master.passwd

I dont know if this is the indented behaviour?
>How-To-Repeat:
open link in a browser:
https://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/etc/master.passwd

>Fix:
Changes in the robots.txt file.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Fri, 09 Jun 2023 13:12:08 +0000
State-Changed-Why:
Not a bug, this file needs to be downloadable


From: Taylor R Campbell <riastradh@NetBSD.org>
To: great.sage.1003@gmail.com
Cc: gnats-bugs@netbsd.org
Subject: Re: security/57458: ftp.netbsd.org has a file master.passwd visible on google
Date: Fri, 9 Jun 2023 13:14:47 +0000

 Congratulations, you found the source code to NetBSD!

 NetBSD's source code includes an initial master.passwd file with all
 the standard pseudo-user accounts used for running daemons and other
 purposes.  (No secrets are stored in this file in the source code.)

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.