modified conf file contents attached by apport without asking

Bug #811203 reported by Brian Murray
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
High
Brian Murray
Oneiric
High
Brian Murray

Bug Description

In apport/hookutils.py there is a function called attach_conffiles which does the following:

        key = 'modified.conffile.' + path_to_key(path)

        if os.path.exists(path):
            contents = open(path).read()
            m = hashlib.md5()
            m.update(contents)
            calculated_md5sum = m.hexdigest()

            if calculated_md5sum != default_md5sum:
                report[key] = contents

So it adds the contents of the conffile without checking with the reporter if this is okay. As I understand it some conffiles can contain passwords so it better if a dialog were raised if the md5sums did not match and the reporter were asked if they want to include the modified file.

Related branches

Revision history for this message
Brian Murray (brian-murray) wrote :
Changed in apport (Ubuntu):
importance: Undecided → High
Changed in apport (Ubuntu Oneiric):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 1.21.2-0ubuntu6

---------------
apport (1.21.2-0ubuntu6) oneiric; urgency=low

  * data/general-hooks/ubuntu.py:
    - In addition to DpkgTerminalLog also check VarLogDistupgradeApttermllog
      for package installation failure messages
    - Also move postrm.d/zz-update-grub errors to grub2
  * apport/hookutils.py:
    - raise a yes no dialog in the event a conffile has been modified
      (LP: #811203)
 -- Brian Murray <email address hidden> Thu, 21 Jul 2011 06:36:04 +0200

Changed in apport (Ubuntu Oneiric):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers