modified conf file contents attached by apport without asking

Bug #811203 reported by Brian Murray on 2011-07-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
High
Brian Murray
Oneiric
High
Brian Murray

Bug Description

In apport/hookutils.py there is a function called attach_conffiles which does the following:

        key = 'modified.conffile.' + path_to_key(path)

        if os.path.exists(path):
            contents = open(path).read()
            m = hashlib.md5()
            m.update(contents)
            calculated_md5sum = m.hexdigest()

            if calculated_md5sum != default_md5sum:
                report[key] = contents

So it adds the contents of the conffile without checking with the reporter if this is okay. As I understand it some conffiles can contain passwords so it better if a dialog were raised if the md5sums did not match and the reporter were asked if they want to include the modified file.

Related branches

Brian Murray (brian-murray) wrote :
Changed in apport (Ubuntu):
importance: Undecided → High
Changed in apport (Ubuntu Oneiric):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 1.21.2-0ubuntu6

---------------
apport (1.21.2-0ubuntu6) oneiric; urgency=low

  * data/general-hooks/ubuntu.py:
    - In addition to DpkgTerminalLog also check VarLogDistupgradeApttermllog
      for package installation failure messages
    - Also move postrm.d/zz-update-grub errors to grub2
  * apport/hookutils.py:
    - raise a yes no dialog in the event a conffile has been modified
      (LP: #811203)
 -- Brian Murray <email address hidden> Thu, 21 Jul 2011 06:36:04 +0200

Changed in apport (Ubuntu Oneiric):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers