apport hooks report potentially sensitive data

Bug #453667 reported by LaMont Jones
Affects                   Status    Importance  Assigned to  Milestone
apport (Ubuntu)           Triaged   Medium      Unassigned
network-manager (Ubuntu)  New       Undecided   Unassigned

Bug Description

Binary package hint: network-manager

No effort is made to warn the user what files will be blindly uploaded to public bug reports prior to doing so.

This could include passwords and other sensitive data from interfaces, as well as information that is likely irrelevant to the bug, such as MAC addresses, static routes, and so forth.

While this is specific to the data uploaded by network-manager's hook script, I expect that it is more of a systemic issue in apport.
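The description above objects to hooks attaching configuration files verbatim. As an added illustration of the mitigation a hook author could apply (this is example code written for this page, not apport's or network-manager's own hook), the block below redacts secret values and hardware identifiers from a NetworkManager-style keyfile before it is placed in the report. The sample connection file, the key names treated as secret, and the `add_info(report)` wrapper that stores the result under a hypothetical report key are all assumptions made for the example; apport package hooks do define an `add_info` entry point, but here `report` is just treated as a dict so the code runs offline.

```python
import re

# Constructed sample in NetworkManager keyfile format; every value is made up
# for this example and the file is never read from disk.
SAMPLE_CONNECTION = """[connection]
id=HomeWifi
type=wifi
uuid=11111111-2222-3333-4444-555555555555

[wifi]
ssid=HomeWifi
mac-address=AA:BB:CC:DD:EE:FF

[wifi-security]
key-mgmt=wpa-psk
psk=correct horse battery staple

[802-1x]
identity=alice
password=hunter2
"""

# Keys whose values are credentials and must never leave the machine
# (assumed list; extend it to match the formats a real hook attaches).
SECRET_KEYS = (
    "psk", "password", "private-key-password",
    "wep-key0", "wep-key1", "wep-key2", "wep-key3",
)

# Keys that identify hardware but are rarely relevant to a bug.
IDENTIFYING_KEYS = ("mac-address", "cloned-mac-address")

# Catch-all for MAC addresses that appear outside a recognised key.
_MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")


def redact_keyfile(text):
    """Return `text` with secret values and hardware identifiers replaced.

    The key names are kept so a triager can still see which settings exist;
    only the values are removed.
    """
    out = []
    for line in text.splitlines():
        key, sep, _value = line.partition("=")
        name = key.strip().lower()
        if sep and name in SECRET_KEYS:
            out.append(f"{key}=<redacted secret>")
            continue
        if sep and name in IDENTIFYING_KEYS:
            out.append(f"{key}=<redacted hw id>")
            continue
        out.append(_MAC_RE.sub("<redacted mac>", line))
    # Preserve the trailing newline of the original, if it had one.
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


def add_info(report, ui=None):
    """Hypothetical hook body: attach the redacted keyfile to the report.

    `report` is treated as a plain dict; the key name
    'NetworkManagerConnections' is an assumption for this example.
    """
    report["NetworkManagerConnections"] = redact_keyfile(SAMPLE_CONNECTION)
    return report


if __name__ == "__main__":
    print(add_info({})["NetworkManagerConnections"])
```

Redacting by key name rather than by value pattern is the safer default: a password that happens to look like an ordinary word is still caught, and the triager still sees that a `psk` line exists. The MAC regex is a second layer for identifiers that show up in free-form lines such as log excerpts.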

Erik B. Andersen (azendale) wrote:

Aren't apport bugs private by default?

Erik B. Andersen (azendale) wrote:

Quoting https://wiki.ubuntu.com/Apport
 "The automatic crash interception component of apport is disabled by default in stable releases for a number of reasons:

   1. Apport collects potentially sensitive data, such as core dumps, stack traces, and log files. They can contain passwords, credit card numbers, serial numbers, and other private material.

      This is mitigated by the fact that it presents you what will be sent to the bug tracker, and that all crash report bugs are private by default, limited to the Ubuntu bug triaging team. We can reasonably expect developers and technically savvy users, who run the development release, to be aware of this and judge whether it is appropriate to file a crash report. But we shouldn't assume that every Ubuntu user of stable releases is able to do so. "

So only the Ubuntu bug triaging team can see such reports by default; then, if they are free from sensitive information, one of the triaging team sets them as public.

Erik B. Andersen (azendale) wrote:

Also, according to this bug's comments (https://bugs.launchpad.net/apport/+bug/144943), it sounds like if it was a crash, it warns the user, and if you started apport with 'ubuntu-bug' it is assuming you know what you are doing.

LaMont Jones (lamont) wrote:

The bug was originally filed without apport, and I ran 'apport-collect 450458' at the request of another developer...

So, after creating a new launchpad user, and a new local user on the laptop, I ran it... and discovered that it tells me what it's sending as or after it does so.... Except for the parts at and following the part where the script died with EPERM (bug 453671).

And, of course, the collected information varies by package, and is completely at the mercy of the uploaders of that package.

One could argue that running apport-collect should cause the bug to be marked private. Or maybe it tries that and the fact that I ran it as a different launchpad user comes into play... In any case, no, I won't hand out 'Change anything' credentials to be cached on my machine for my primary launchpad account.

Brian Murray (brian-murray) wrote:

Part of this bug, apport-collect displaying what is being uploaded, is covered by bug 371827.

summary changed:
- apport script reports potentially sensitive data
+ apport hooks report potentially sensitive data
Changed in apport (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
This report contains Public information: everyone can see this information.