provide ability for a hook to mark a bug as private
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apport (Ubuntu) |
Fix Released
|
Wishlist
|
Martin Pitt |
Bug Description
It would be very useful for an apport hook to be able to mark a bug as private by default.
Ideally, I'd like this facility for upstart since if stateful re-exec fails, upstart will attempt to write a dump of the internal state both when running as PID 1 and as a Session Init when managing a desktop session for a non-priv user.
However, we have no way of knowing whether the internal state dump might contain sensitive information (for example, a job may hard-code a password in it).
Currently, the best we can do is simply tag any bugs apport raises to denote that 'the file exists', but ideally, we'd allow it to be uploaded securely since the internal state will provide the best information to help us identify what went wrong.
Related branches
Changed in apport: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
assignee: | nobody → Martin Pitt (pitti) |
Just to clarify, we are talking about "normal" bug reports here with apport-bug, not about the automatically created ones on program crash? The latter are already private by default. So is the state dump in some upstart log file which gets attached with apport-bug? If it potentially contains passwords, shouldn't that log file be inaccessible to non-root users, so that apport-bug cannot access it in the first place? Or does your package hook attach it using the hookutils. attach_ root_command_ outputs( ) facility?