disk space info inadvertently provides all installed snaps

Bug #1756595 reported by Andreas Hasenack on 2018-03-17
This bug affects 1 person
Affects           Status  Importance  Assigned to  Milestone
apport (Ubuntu)           Undecided   Unassigned
  Bionic                  Undecided   Unassigned
apt (Ubuntu)              Medium      Unassigned
  Bionic                  Medium      Unassigned

Bug Description

When apport is reporting a crash, it includes the output of the "df" utility, to list the free disk space information per mount point.

That output nowadays will inadvertently include all snaps that the user may have installed, including their revision numbers.

Here is a simple df output:
andreas@nsn7:~$ df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8119680 0 8119680 0% /dev
tmpfs 1630156 1828 1628328 1% /run
nsn7/ROOT/ubuntu 433084288 2500608 430583680 1% /
tmpfs 8150776 18888 8131888 1% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 8150776 0 8150776 0% /sys/fs/cgroup
nsn7/var/log 430763136 179456 430583680 1% /var/log
nsn7/var/tmp 430583808 128 430583680 1% /var/tmp
/dev/sda2 1032088 160336 871752 16% /boot
/dev/sda1 523248 2720 520528 1% /boot/efi
nsn7/home 430651264 67584 430583680 1% /home
nsn7/var/cache 430653312 69632 430583680 1% /var/cache
nsn7/var/mail 430583808 128 430583680 1% /var/mail
nsn7/var/spool 430583808 128 430583680 1% /var/spool
tmpfs 1630152 16 1630136 1% /run/user/120
tmpfs 100 0 100 0% /var/lib/lxd/shmounts
tmpfs 100 0 100 0% /var/lib/lxd/devlxd
tmpfs 1630152 36 1630116 1% /run/user/1000
nsn7/lxd/containers/squid-ds216 431444096 860416 430583680 1% /var/lib/lxd/storage-pools/default/containers/squid-ds216
/dev/loop0 83712 83712 0 100% /snap/core/4206
/dev/loop1 102144 102144 0 100% /snap/git-ubuntu/402

You can see I have the core snap at revision 4206, and git-ubuntu at revision 402.

There are already many bug reports in launchpad where one can see this information.

Granted, the user can review it, refuse to send this data, etc. This bug is about the unexpectedness of having that information in the disk space data.

If the user sees a prompt like "Would you like to include disk free space information in your report?", or "Would you like to include the output of the df(1) command in your report?", that doesn't immediately translate to "Would you like to include disk free space information and a list of all installed snaps and their revision numbers in your report?".

summary: - disk space info inadvertently lists all installed snaps
+ disk space info inadvertently provides all installed snaps
tags: added: rls-bb-incoming
Brian Murray (brian-murray) wrote :

This actually comes from apt (apt-pkg/deb/dpkgpm.cc) and no filtering of the df output is done.

   // attach df -l log (to learn about filesystem status)
   if (FileExists("/bin/df"))
   {

      fprintf(report, "Df:\n");
      FILE *log = popen("/bin/df -l","r");
      if(log != NULL)
      {
         char buf[1024];
         while( fgets(buf, sizeof(buf), log) != NULL)
            fprintf(report, " %s", buf);
         pclose(log);
      }
   }

Changed in apt (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in apport (Ubuntu):
status: New → Invalid
tags: added: bionic
removed: rls-bb-incoming
tags: added: rls-bb-notfixing
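
One way to filter the df output before it is attached to a report, as an added example (not apt's code and not a fix taken from this bug). FilterSnapMounts, MountPoint, IsSnapMount and DfFilterResult are hypothetical names, the input is a constructed sample built from lines in the description, and it assumes snaps are mounted under /snap/ and that mount points contain no spaces.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Constructed sample: a few df lines copied from the report's description.
static const char *kSampleDf =
   "Filesystem 1K-blocks Used Available Use% Mounted on\n"
   "/dev/sda2 1032088 160336 871752 16% /boot\n"
   "/dev/loop0 83712 83712 0 100% /snap/core/4206\n"
   "/dev/loop1 102144 102144 0 100% /snap/git-ubuntu/402\n";

struct DfFilterResult { std::string text; unsigned dropped; };

// Last whitespace-separated field of a df line, i.e. the mount point.
static std::string MountPoint(const std::string &line)
{
   std::istringstream fields(line);
   std::string field, last;
   while (fields >> field)
      last = field;
   return last;
}

// Assumption: snaps are mounted at /snap/<name>/<revision>, as in the report.
static bool IsSnapMount(const std::string &mount)
{
   return mount.compare(0, 6, "/snap/") == 0;
}

// Hypothetical helper: keep every df line except snap mounts, and count
// what was dropped so the report can state that filtering took place.
DfFilterResult FilterSnapMounts(const std::string &df_output)
{
   DfFilterResult result{"", 0};
   std::istringstream in(df_output);
   std::string line;
   while (std::getline(in, line))
      if (IsSnapMount(MountPoint(line)))
         ++result.dropped;
      else
         result.text += line + "\n";
   return result;
}

int main()
{
   DfFilterResult r = FilterSnapMounts(kSampleDf);
   std::cout << "Df:\n" << r.text << "(" << r.dropped << " snap mounts omitted)\n";
}
```

Recording the number of omitted lines keeps the report honest about the filtering without disclosing snap names or revisions.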