privacy leak because web.static does not exist

[jg71]

when a client/node is created, in tahoe.cfg "web.static = public_html" is enabled by default, but public_html is not created. Thus, surfing to ​http://localhost:3456/static/ leaks

a) the absolute path of where web.static is expected to be b) the python version used c) maybe which OS is used

solution: don't enable web.static by default, or create public_html directory during client/node creation

[nejucomo]

This issue is relevant when an operator wishes to provide web gateway access to untrusted users will limiting their own risk. This is not a use case that the web gateway was designed for, but several users have requested this use case.

[nejucomo]

Note: I created a lafs-rpg issue that is related to this: ​https://bitbucket.org/nejucomo/lafs-rpg/issue/6/replace-stack-trace-responses-with-generic

[davidsarah]

This is a special case of #1008 (although the expected path of public_html would be leaked even if the exception report only showed the message and not the detailed traceback).

[Brian Warner <warner@…>]

In 5a5ba64/trunk:

use twisted.web.static, not nevow.static, for public_html/

This avoids a privacy leak when the web.static= directory is configured
but doesn't exist (which is almost always, since we set `web.static =
public_html` in the default config file, but nothing automatically
creates it). The nevow.static.File class tries to os.stat() the
directory before doing anything else, which causes an exception, which
renders the traceback to the HTTP client as a 500 Internal Server Error,
and the traceback includes the full path of the missing public_html
directory, which reveals the node's basedir.

Plain twisted.web.static.File doesn't do this check, and a missing
web.static directory just results in a plain old 404.

Closes ticket:1720.