crash files from guest users considered system reports

Bug #1250679 reported by Brian Murray
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
Fix Released
Low
Martin Pitt
Saucy
Fix Released
Medium
Brian Murray

Bug Description

[Impact]
Users are notified of crashes from guests users indicating that they are system crashes, which they are then unable to report which results in a bad user experience.

[Test Case]
1) log in to your system as your regular user
2) from your session switch to a guest session
3) open a terminal
4) run 'xeyes &'
5) run 'pkill -11 xeyes'
6) wait for a crash dialog
7) switch to your regular session
8) observe a notification regarding a system crash report, click to report it
9) enter your password
10) observe nothing else happens

With the version of apport from saucy-proposed you should not receive a crash notification.

[Regression Potential]
Little as we are explicitly filter on crashes where the username starts with guest.

If a guest user experiences a crash on an Ubuntu system it is reported as a system crash by apport/fileutils.py (because the guest user id is less than 500). Subsequently, a crash notification dialog appears on the guest user's session and on the primary user's session (if they are logged in). However, when you go to actually file the report (as the primary user) nothing happens.

Regardless, I wonder if get_all_system_reports() in apport/fileutils.py couldn't check to see if the crash file is owned by a guest user.

tags: added: saucy
Revision history for this message
Brian Murray (brian-murray) wrote :

The notification is raised by /usr/share/apport/apport-checkreports --system.

Revision history for this message
Martin Pitt (pitti) wrote :

Indeed, thanks for pointing out. We need to filter out guest crashes from the system reports, and special-case guest-like users.

Changed in apport (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → Low
status: New → Triaged
Martin Pitt (pitti)
Changed in apport (Ubuntu):
status: Triaged → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :
Changed in apport (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

It'd probably be good to SRU this to saucy.

Changed in apport (Ubuntu Saucy):
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.12.7-0ubuntu1

---------------
apport (2.12.7-0ubuntu1) trusty; urgency=low

  [ Martin Pitt ]
  * New upstream release:
    - Properly fall back to lsb_release if /etc/os-release is invalid.
    - report.py, add_proc_info(): Add "CurrentDesktop" field with the value of
      $XDG_CURRENT_DESKTOP, if present. (LP: #1247904)
    - fileutils.py, get_all_system_reports(): Filter out "guest..." users,
      they might have a system UID. (LP: #1250679)
    - apt/dpkg: Don't call dpkg-divert with full path, it moved in Ubuntu
      14.04. (LP: #1252305)
  * launchpad.py: Ignore "MarkForUpload" field, it's just for internal
    communication with whoopsie.

  [ Andy Whitcroft ]
  * package-hooks/source_linux.py: pull forward fix to generify linux-meta
    to linux mapping. (LP: #1229611)
  * package-hooks/source_linux.py: pull forward kernel tagging for
    linux-lts- family kernels. (LP: #1229611)
 -- Martin Pitt <email address hidden> Tue, 19 Nov 2013 09:11:53 +0100

Changed in apport (Ubuntu):
status: Fix Committed → Fix Released
description: updated
Changed in apport (Ubuntu Saucy):
status: Triaged → In Progress
assignee: nobody → Brian Murray (brian-murray)
Revision history for this message
Stéphane Graber (stgraber) wrote : Please test proposed package

Hello Brian, or anyone else affected,

Accepted apport into saucy-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apport/2.12.5-0ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in apport (Ubuntu Saucy):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Brian Murray (brian-murray) wrote :

I've verified the version of apport in saucy-proposed does not raise a crash dialog.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.12.5-0ubuntu2.2

---------------
apport (2.12.5-0ubuntu2.2) saucy-proposed; urgency=low

  * Patch from upstream r2732. Filter out "guest..." users, they may have a
    system UID. (LP: #1250679)
 -- Brian Murray <email address hidden> Fri, 06 Dec 2013 11:15:30 -0800

Changed in apport (Ubuntu Saucy):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for apport has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.