Comment 0 for bug 1738581
Revision history for this message
| H.-Dirk Schmitt (dirk-computer42) wrote apport leaks environment variables (including passwords!) to bug reports | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
See the bug report https:/
created with ubuntu-bug.
Apport includes the file JournalErrors.txt
This file includes e.g. the following line.
Dez 16 19:11:31 hostname /usr/lib/
Normally it would be not problem that gdm-x-session write this to the journal, because the journal is not intended to be published on the internet.
Setting confidential informations via environment is maybe not the best idea, but a legal procedure and for `mpc` the only way to set this information.
IMHO the apport utility is here the problem, because it includes the file with risky information to a public visible bug report.
Note: I manually delete the attachment in the mentioned bug report. But how can I sure that a web crawlser hasn't read/preserved that attachment?