the WifiSyslog apport hook (used in firefox/tb) includes SSID informations

Bug #1801383 reported by spm2011 on 2018-11-02
This bug affects 1 person
Affects | Importance | Assigned to
apport (Ubuntu) | Undecided | Brian Murray
firefox (Ubuntu) | High | Olivier Tilloy
linux (Ubuntu) | Undecided | Unassigned
thunderbird (Ubuntu) | Undecided | Olivier Tilloy

Bug Description

When I apport-bug certain packages such as firefox for example, it uploads the WifiSyslog.txt file.

The WifiSyslog may contain a list of all system connections enumerated in /etc/NetworkManager/system-connections, i.e. all SSIDs the user has ever connected to that are found in the system-connections. This is a serious privacy risk and completely unnecessary information for most bug reports.

Should either remove WifiSyslog as a requirement for packages that don't need it (should I report this to https://bugs.launchpad.net/ubuntu/+source/firefox/ ?), or redact information that may contain usernames and SSIDs from the log file.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apport 2.20.9-0ubuntu7.4
ProcVersionSignature: User Name 4.15.0-38.41-generic 4.15.18
Uname: Linux 4.15.0-38-generic x86_64
ApportLog:

ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CrashReports: 640:1000:117:62475:2018-11-01 19:17:29.982295751 -0400:2018-11-01 19:17:30.982295751 -0400:/var/crash/_usr_bin_gnome-screenshot.1000.crash
CurrentDesktop: ubuntu:GNOME
Date: Fri Nov 2 11:24:20 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2018-09-12 (50 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: apport
UpgradeStatus: Upgraded to bionic on 2018-09-28 (34 days ago)

spm2011 (spm2011) wrote :
summary: - Uploading WifiSyslog to public bug reports is a privacy risk
+ apport uploading WifiSyslog to public bug reports is a major privacy
+ risk
Alex Murray (alexmurray) on 2018-11-05
information type: Private Security → Public Security

Thank you for your bug report, that indeed seems an issue

What apport does is provide an 'attach_wifi' that includes

  report['WifiSyslog'] = recent_syslog(re.compile(r'(NetworkManager|modem-manager|dhclient|kernel|wpa_supplicant)(\[\d+\])?:'))

Some thoughts:
- the n-m stack should probably not include that info in syslog/journal by default
- the apport hook should anonymize the log in that such info is there
- firefox/tb uses that function, maybe that's not needed?

summary: - apport uploading WifiSyslog to public bug reports is a major privacy
- risk
+ the WifiSyslog apport hook (used in firefox/tb) includes SSID
+ informations
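
Added example (not part of the bug thread and not apport's own code): one way the anonymization suggested in the comment above could work, selecting lines with the same process pattern quoted from attach_wifi and replacing SSIDs with per-report placeholders. The function names, the SSID message patterns and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import os
import re

# Process filter quoted on this page from apport's attach_wifi.
WIFI_PROCS = re.compile(
    r'(NetworkManager|modem-manager|dhclient|kernel|wpa_supplicant)(\[\d+\])?:')

# Assumed message shapes that carry an SSID or connection name (constructed
# for this example; real wording differs between versions).
SSID_PATTERNS = [
    re.compile(r"ssid=(['\"])(?P<ssid>.*?)\1", re.IGNORECASE),
    re.compile(r"connection (['\"])(?P<ssid>.*?)\1"),
    re.compile(r"/system-connections/(?P<ssid>[^\s()]+)"),
    re.compile(r',"(?P<ssid>[^"]*)"\)'),
]

def token(ssid, salt):
    # Same SSID gives the same placeholder within one report.
    return "<ssid:%s>" % hashlib.sha256(salt + ssid.encode()).hexdigest()[:8]

def _swap(match, salt):
    # Replace only the named 'ssid' span, keeping the surrounding text.
    whole, off = match.group(0), match.start()
    s, e = match.start("ssid") - off, match.end("ssid") - off
    return whole[:s] + token(match.group("ssid"), salt) + whole[e:]

def redact_line(line, salt):
    for pat in SSID_PATTERNS:
        line = pat.sub(lambda m: _swap(m, salt), line)
    return line

def wifi_syslog(lines, salt=None):
    """Keep only lines the hook would collect, with SSIDs replaced."""
    salt = salt or os.urandom(16)  # fresh per report: tokens are not linkable
    return [redact_line(l, salt) for l in lines if WIFI_PROCS.search(l)]

# Constructed sample input (not real log output).
SAMPLE = [
    "Nov  2 11:20:01 host NetworkManager[812]: <info>  device (wlp2s0): "
    "Activation: starting connection 'HomeNet-5G' (constructed-uuid)",
    "Nov  2 11:20:02 host wpa_supplicant[900]: wlp2s0: Trying to associate "
    "with SSID='HomeNet-5G'",
    "Nov  2 11:20:03 host CRON[1000]: (root) CMD (true)",
    "Nov  2 11:20:04 host NetworkManager[812]: keyfile: new connection "
    '/etc/NetworkManager/system-connections/CoffeeShop (constructed-uuid,"CoffeeShop")',
]

if __name__ == "__main__":
    print("\n".join(wifi_syslog(SAMPLE)))
```

Because the placeholder is derived from the SSID and a per-report salt, a developer can still see that two log lines refer to the same network without learning its name.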
Olivier Tilloy (osomon) on 2018-11-05
Changed in firefox (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
Olivier Tilloy (osomon) on 2018-11-27
Changed in firefox (Ubuntu):
status: New → In Progress
status: In Progress → Fix Committed
importance: Undecided → High
Olivier Tilloy (osomon) wrote :

I removed the attach_wifi() call in the apport hook. This will make it to the next firefox stable update.

spm2011 (spm2011) wrote :

@osomon +1, thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 64.0+build1-0ubuntu1

---------------
firefox (64.0+build1-0ubuntu1) disco; urgency=medium

  * New upstream stable release (64.0build1)

  [ Olivier Tilloy ]
  * Do not attach Wi-Fi syslog to apport reports (LP: #1801383)
    - update debian/apport/source_firefox.py.in
  * Update debian/patches/unity-menubar.patch

  [ Rico Tzschichholz ]
  * Explicitly set HOME=/tmp
    - update debian/build/rules.mk
  * Bump build-dep on rustc >= 1.29.0 and cargo >= 0.30
    - update debian/control{,.in}
  * Bump cbindgen dependency to 0.6.7
    - update debian/build/create-tarball.py
  * Ship removed onboarding watermark.svg to keep using it as symbolic icon
    - add debian/symbolic.svg
    - update debian/build/rules.mk
  * Drop upstreamed patches
    - remove debian/patches/fix-armhf-aom-build.patch
  * Update patches
    - update debian/patches/dont-treat-tilde-as-special.patch
    - update debian/patches/update-gn-mozbuild.patch

 -- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 22:39:30 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1801383

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
spm2011 (spm2011) wrote :

`apport-bug linux` uploads WifiSyslog.txt, so this also affects apport hook for the linux package.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Steve Beattie (sbeattie) wrote :

The linux kernel apport hook is provided by apport directly, so needs to be fixed there:

  $ grep -i Wifi /usr/share/apport/package-hooks/source_linux.py
    apport.hookutils.attach_wifi(report)
  $ dpkg -S /usr/share/apport/package-hooks/source_linux.py
    apport: /usr/share/apport/package-hooks/source_linux.py

tags: added: rls-ee-incoming
Will Cooke (willcooke) on 2019-04-30
Changed in thunderbird (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
tags: removed: rls-ee-incoming
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc
Olivier Tilloy (osomon) on 2019-07-26
Changed in thunderbird (Ubuntu):
status: New → Fix Committed
Marc Deslauriers (mdeslaur) wrote :

Hi Brian,

Is this bug on your radar?

Thanks!

Changed in apport (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in apport (Ubuntu):
assignee: nobody → Brian Murray (brian-murray)
Marc Deslauriers (mdeslaur) wrote :

Olivier,

Did this fix make it to Thunderbird?

Thanks!

Olivier Tilloy (osomon) wrote :

Marc, the version currently in eoan-proposed has the fix. I'm working on addressing autopkgtest issues in related packages that prevent thunderbird from migrating to the release pocket.

Once sorted out in eoan, I'll proceed to preparing updates for all stable releases, including this fix.

Marc Deslauriers (mdeslaur) wrote :

WifiSyslog does contain SSID information. While this will be removed from the thunderbird and firefox packages, I don't think it would be appropriate to remove it from the linux kernel apport reports.

For linux packages, this information is helpful in debugging wireless driver issues.

While a list of access point information can be viewed as a privacy issue, the user is prompted when Apport runs if the information is suitable to be attached to the bug or not. In environments where there are privacy concerns, the user can choose to not attach the information when submitting the bug report.

I am therefore closing the Apport task for this bug. Thanks!

Changed in apport (Ubuntu):
status: Confirmed → Won't Fix
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package thunderbird - 1:68.1.1+build1-0ubuntu1

---------------
thunderbird (1:68.1.1+build1-0ubuntu1) eoan; urgency=medium

  * New upstream stable release (68.1.1build1)

  * Build thunderbird against the system-wide version of sqlite3 (LP: #1845929)
    - update debian/config/mozconfig.in
    - update debian/control{,.in}

 -- Olivier Tilloy <email address hidden> Tue, 01 Oct 2019 14:47:00 +0200

Changed in thunderbird (Ubuntu):
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.