the WifiSyslog apport hook (used in firefox/tb) includes SSID informations

Bug #1801383 reported by spm2011 on 2018-11-02
This bug affects 1 person
Affects                Importance   Assigned to
apport (Ubuntu)        Undecided    Unassigned
firefox (Ubuntu)       High         Olivier Tilloy
linux (Ubuntu)         Undecided    Unassigned
thunderbird (Ubuntu)   Undecided    Olivier Tilloy

Bug Description

When I apport-bug certain packages such as firefox for example, it uploads the WifiSyslog.txt file.

The WifiSyslog may contain a list of all system connections enumerated in /etc/NetworkManager/system-connections, i.e. all SSIDs the user has ever connected to that are found in the system-connections. This is a serious privacy risk and completely unnecessary information for most bug reports.

Should either remove WifiSyslog as a requirement for packages that don't need it (should I report this to https://bugs.launchpad.net/ubuntu/+source/firefox/ ?), or redact information that may contain usernames and SSIDs from the log file.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apport 2.20.9-0ubuntu7.4
ProcVersionSignature: User Name 4.15.0-38.41-generic 4.15.18
Uname: Linux 4.15.0-38-generic x86_64
ApportLog:

ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CrashReports: 640:1000:117:62475:2018-11-01 19:17:29.982295751 -0400:2018-11-01 19:17:30.982295751 -0400:/var/crash/_usr_bin_gnome-screenshot.1000.crash
CurrentDesktop: ubuntu:GNOME
Date: Fri Nov 2 11:24:20 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2018-09-12 (50 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: apport
UpgradeStatus: Upgraded to bionic on 2018-09-28 (34 days ago)

spm2011 (spm2011) wrote :
summary: - Uploading WifiSyslog to public bug reports is a privacy risk
+ apport uploading WifiSyslog to public bug reports is a major privacy
+ risk
Alex Murray (alexmurray) on 2018-11-05
information type: Private Security → Public Security

Thank you for your bug report, that indeed seems an issue

What apport does is provide an 'attach_wifi' that includes

  report['WifiSyslog'] = recent_syslog(re.compile(r'(NetworkManager|modem-manager|dhclient|kernel|wpa_supplicant)(\[\d+\])?:'))

Some thoughts:
- the n-m stack should probably not include that info in syslog/journal by default
- the apport hook should anonymize the log in that such info is there
- firefox/tb uses that function, maybe that's not needed?

summary: - apport uploading WifiSyslog to public bug reports is a major privacy
- risk
+ the WifiSyslog apport hook (used in firefox/tb) includes SSID
+ informations
Olivier Tilloy (osomon) on 2018-11-05
Changed in firefox (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
Olivier Tilloy (osomon) on 2018-11-27
Changed in firefox (Ubuntu):
status: New → In Progress
status: In Progress → Fix Committed
importance: Undecided → High
Olivier Tilloy (osomon) wrote :

I removed the attach_wifi() call in the apport hook. This will make it to the next firefox stable update.

spm2011 (spm2011) wrote :

@osomon +1, thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firefox - 64.0+build1-0ubuntu1

---------------
firefox (64.0+build1-0ubuntu1) disco; urgency=medium

  * New upstream stable release (64.0build1)

  [ Olivier Tilloy ]
  * Do not attach Wi-Fi syslog to apport reports (LP: #1801383)
    - update debian/apport/source_firefox.py.in
  * Update debian/patches/unity-menubar.patch

  [ Rico Tzschichholz ]
  * Explicitly set HOME=/tmp
    - update debian/build/rules.mk
  * Bump build-dep on rustc >= 1.29.0 and cargo >= 0.30
    - update debian/control{,.in}
  * Bump cbindgen dependency to 0.6.7
    - update debian/build/create-tarball.py
  * Ship removed onboarding watermark.svg to keep using it as symbolic icon
    - add debian/symbolic.svg
    - update debian/build/rules.mk
  * Drop upstreamed patches
    - remove debian/patches/fix-armhf-aom-build.patch
  * Update patches
    - update debian/patches/dont-treat-tilde-as-special.patch
    - update debian/patches/update-gn-mozbuild.patch

 -- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 22:39:30 +0100

Changed in firefox (Ubuntu):
status: Fix Committed → Fix Released

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1801383

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
spm2011 (spm2011) wrote :

`apport-bug linux` uploads WifiSyslog.txt, so this also affects the apport hook for the linux package.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Steve Beattie (sbeattie) wrote :

The linux kernel apport hook is provided by apport directly, so needs to be fixed there:

  $ grep -i Wifi /usr/share/apport/package-hooks/source_linux.py
    apport.hookutils.attach_wifi(report)
  $ dpkg -S /usr/share/apport/package-hooks/source_linux.py
    apport: /usr/share/apport/package-hooks/source_linux.py

tags: added: rls-ee-incoming
Will Cooke (willcooke) on 2019-04-30
Changed in thunderbird (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
tags: removed: rls-ee-incoming
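
The anonymization suggested in the thread, sketched as an added example (not apport's code and not part of the original report): it keeps the lines selected by the attach_wifi() pattern quoted above and replaces SSIDs and saved-connection names with per-report placeholders. The function name, the message shapes in NAME_PATTERNS (modelled on NetworkManager log output) and the sample lines are assumptions constructed for illustration.

```python
import re

# Process filter quoted in the thread from apport's attach_wifi().
WIFI_PROCS = re.compile(
    r'(NetworkManager|modem-manager|dhclient|kernel|wpa_supplicant)(\[\d+\])?:')

# Assumed message shapes that carry an SSID or a saved-connection name.
# Group 2 is the sensitive value; groups 1 and 3 are kept as context.
# Greedy matching up to the trailing context tolerates quotes in a name.
NAME_PATTERNS = [
    re.compile(r"(added 'ssid' value ')(.*)(')$"),
    re.compile(r"(\(wifi\) connection ')(.*)(' (?:has|requires) )"),
    re.compile(r"(/system-connections/)(.*)( \()"),
    re.compile(r'(,")(.*)("\))'),
]


def redact_wifi_syslog(lines):
    """Hypothetical helper: filter like attach_wifi(), then redact names."""
    tokens = {}  # real name -> placeholder, stable within one report

    def token_for(name):
        return tokens.setdefault(name, '<ssid-%d>' % (len(tokens) + 1))

    def swap(match):
        return match.group(1) + token_for(match.group(2)) + match.group(3)

    out = []
    for line in lines:
        if not WIFI_PROCS.search(line):
            continue  # not a process the hook collects
        for pattern in NAME_PATTERNS:
            line = pattern.sub(swap, line)
        out.append(line)
    return out


# Constructed sample input, not taken from a real system.
SAMPLE = [
    "Nov  2 11:20:01 host NetworkManager[790]: <info>  [1541172001.1] "
    "Config: added 'ssid' value 'Bob's Net'",
    "Nov  2 11:20:02 host NetworkManager[790]: <info>  [1541172002.0] "
    "device (wlp2s0): Activation: (wifi) connection 'Bob's Net' has security",
    'Nov  2 11:20:03 host NetworkManager[790]: <info>  [1541172003.2] '
    'keyfile: new connection /etc/NetworkManager/system-connections/'
    'Cafe Guest (0f0f0f0f-0000-4000-8000-000000000000,"Cafe Guest")',
    "Nov  2 11:20:04 host CRON[999]: (root) CMD (true)",
]

if __name__ == '__main__':
    print('\n'.join(redact_wifi_syslog(SAMPLE)))
```

The placeholders keep the same network recognisable across lines of one report, which is usually what a developer needs from the log, without carrying the name itself.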
This report contains Public Security information
Everyone can see this security related information.
