Dash/Unity search feature logs search terms to syslog

Bug #1509076 reported by Skeletor999 on 2015-10-22
272
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unity-scope-gdrive (Ubuntu)
Undecided
Unassigned
Trusty
Medium
Marc Deslauriers
Vivid
Medium
Marc Deslauriers
Wily
Medium
Marc Deslauriers

Bug Description

Note that I believe this was before I set "include online search results" to off from Dash:

0. Fresh install of 15.10
1. Alt-F2
2. Enter search terms, e.g. "settings" or "terminal"
3. See syslog with a utility of your choice

Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: ''
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 's'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'so'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'sof'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'soft'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: ''
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 't'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'te'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'ter'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'term'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'termi'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 's'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'se'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'set'
Oct 22 20:58:14 <redacted> com.canonical.Unity.Scope.File.Gdrive[1302]: Search changed to: 'sett'

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: compiz-core 1:0.9.12.2+15.10.20151015-0ubuntu1
ProcVersionSignature: Ubuntu 4.2.0-16.19-generic 4.2.3
Uname: Linux 4.2.0-16-generic x86_64
.tmp.unity.support.test.0:

ApportVersion: 2.19.1-0ubuntu3
Architecture: amd64
BootLog:

CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
CompositorUnredirectFSW: true
CurrentDesktop: Unity
Date: Thu Oct 22 22:55:43 2015
DistUpgraded: Fresh install
DistroCodename: wily
DistroVariant: ubuntu
ExecutablePath: /usr/bin/compiz
GraphicsCard:
 Advanced Micro Devices, Inc. [AMD/ATI] Barts PRO [Radeon HD 6850] [1002:6739] (prog-if 00 [VGA controller])
   Subsystem: Micro-Star International Co., Ltd. [MSI] Device [1462:2520]
InstallationDate: Installed on 2015-10-22 (0 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
MachineType: Hewlett-Packard HPE-515sc
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.2.0-16-generic.efi.signed root=UUID=6381166e-e45d-4466-9167-0c6eaeb135f3 ro quiet splash vt.handoff=7
SourcePackage: compiz
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 05/17/2011
dmi.bios.vendor: AMI
dmi.bios.version: 7.14
dmi.board.name: 2AB6
dmi.board.vendor: PEGATRON CORPORATION
dmi.board.version: 1.04
dmi.chassis.asset.tag: CZC1271WZC
dmi.chassis.type: 3
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnAMI:bvr7.14:bd05/17/2011:svnHewlett-Packard:pnHPE-515sc:pvr1.04:rvnPEGATRONCORPORATION:rn2AB6:rvr1.04:cvnHewlett-Packard:ct3:cvr:
dmi.product.name: HPE-515sc
dmi.product.version: 1.04
dmi.sys.vendor: Hewlett-Packard
version.compiz: compiz 1:0.9.12.2+15.10.20151015-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.64-1
version.libgl1-mesa-dri: libgl1-mesa-dri 11.0.2-1ubuntu4
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 11.0.2-1ubuntu4
version.xserver-xorg-core: xserver-xorg-core 2:1.17.2-1ubuntu9
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.9.2-1ubuntu1
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.5.0+git20150819-0ubuntu1
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20150808-0ubuntu4
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.11-1ubuntu3
xserver.bootTime: Thu Oct 22 20:55:04 2015
xserver.configfile: default
xserver.devices:
 input Power Button KEYBOARD, id 6
 input Power Button KEYBOARD, id 7
 input PIXART USB OPTICAL MOUSE MOUSE, id 8
 input NOVATEK HP USB Multimedia Keyboard KEYBOARD, id 9
 input NOVATEK HP USB Multimedia Keyboard KEYBOARD, id 10
xserver.errors:

xserver.logfile: /var/log/Xorg.0.log
xserver.version: 2:1.17.2-1ubuntu9
xserver.video_driver: radeon

CVE References

Skeletor999 (skeletor999) wrote :
affects: compiz (Ubuntu) → unity (Ubuntu)
affects: unity (Ubuntu) → unity-scope-gdrive (Ubuntu)
Marc Deslauriers (mdeslaur) wrote :

This is CVE-2015-1343

Changed in unity-scope-gdrive (Ubuntu Trusty):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unity-scope-gdrive (Ubuntu Vivid):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unity-scope-gdrive (Ubuntu Wily):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Marc Deslauriers (mdeslaur)
Skeletor999 (skeletor999) wrote :

So... any news?

Seth Arnold (seth-arnold) wrote :

I'm sorry Skeletor999, I don't know where we lost track of this issue.

This code, and a huge raft of other debugging print() statements that should probably be removed, still exist in 14.04 LTS, 16.04 LTS, and 17.04.

Thanks for the report and the re-poke.

Alex Murray (alexmurray) on 2018-09-17
Changed in unity-scope-gdrive (Ubuntu Wily):
status: Confirmed → Won't Fix
Changed in unity-scope-gdrive (Ubuntu Vivid):
status: Confirmed → Won't Fix
Changed in unity-scope-gdrive (Ubuntu):
status: New → Fix Released
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers