Comment 8 for bug 1839795

Hi Seth,

Here's my suggestion. Note that it would probably be cleaner to do this inside add_proc_info, rather than at the call site as I have done here. I have done it this way because it's the most concise way to present the idea. I copied the technique that Alex used to fix bug 1830858.

Thanks,

Kev

diff --git a/data/apport b/data/apport
index 03f93d12..af2c3333 100755
--- a/data/apport
+++ b/data/apport
@@ -497,7 +497,16 @@ try:

     # We already need this here to figure out the ExecutableName (for scripts,
     # etc).
- info.add_proc_info(pid)
+
+ euid = os.geteuid()
+ try:
+ # Drop permissions temporarily to make sure that we don't
+ # include information in the crash report that the user should
+ # not be allowed to access.
+ os.seteuid(os.getuid())
+ info.add_proc_info(pid)
+ finally:
+ os.seteuid(euid)

     if 'ExecutablePath' not in info:
         error_log('could not determine ExecutablePath, aborting')