Ubuntu
apport package

PulseList.txt contains private data

Bug #1179686 reported by Fred
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

Apport leaks private data through the file PulseList.txt which contains the username and hostname in the properties 'application.process.user' and 'application.process.host'.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: apport 2.9.2-0ubuntu8
ProcVersionSignature: Ubuntu 3.8.0-20.31-generic 3.8.11
Uname: Linux 3.8.0-20-generic x86_64
ApportLog:

ApportVersion: 2.9.2-0ubuntu8
Architecture: amd64
CrashReports:
 640:1000:130:52113520:2013-05-12 23:21:15.651600837 +0200:2013-05-12 23:21:16.651600837 +0200:/var/crash/_opt_spotify_spotify-client_spotify.1000.crash
 640:1000:130:22886:2013-05-13 19:41:30.049879550 +0200:2013-05-13 19:41:31.049879550 +0200:/var/crash/_usr_lib_ubuntuone-client_ubuntuone-syncdaemon.1000.crash
Date: Mon May 13 23:20:27 2013
InstallationDate: Installed on 2011-10-21 (570 days ago)
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MarkForUpload: True
PackageArchitecture: all
SourcePackage: apport
UpgradeStatus: Upgraded to raring on 2013-01-20 (112 days ago)

Revision history for this message
Fred (eldmannen+launchpad) wrote :
information type: Private Security → Public Security
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue. We don't consider usernames and hostnames to be private data. If your security criteria requires your username and hostname to be hidden, I suggest either simply cancelling the apport dialog that pops up, or removing the resulting file from launchpad.

Changed in apport (Ubuntu):
status: New → Won't Fix
Revision history for this message
Fred (eldmannen+launchpad) wrote :

Brian Murray might think otherwise, as per bug #1029189 which is kind of similar and which was categorized as high priority.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

OK, re-opening. Thanks.

Changed in apport (Ubuntu):
status: Won't Fix → Confirmed
information type: Public Security → Public
Revision history for this message
Andrea Corbellini (andrea.corbellini) wrote :

I think we need to establish a concrete policy for determining private vs non-private data.

Revision history for this message
Marcus Tomlinson (marcustomlinson) wrote :

This release of Ubuntu is no longer receiving maintenance updates. If this is still an issue on a maintained version of Ubuntu please let us know.

Changed in apport (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for apport (Ubuntu) because there has been no activity for 60 days.]

Changed in apport (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.