disk space info inadvertently provides all installed snaps
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apt (Ubuntu) | Fix Released | Medium | Unassigned |
Bionic | Fix Released | Medium | Unassigned |
Disco | Fix Released | Medium | Unassigned |
Eoan | Fix Released | Medium | Unassigned |
coreutils (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description
[Impact]
When apport is reporting a crash, it includes the output of the "df" utility, to list the free disk space information per mount point.
That output nowadays will inadvertently include all snaps that the user may have installed, including their revision numbers.
Here is a simple df output:
andreas@nsn7:~$ df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 8119680 0 8119680 0% /dev
tmpfs 1630156 1828 1628328 1% /run
nsn7/ROOT/ubuntu 433084288 2500608 430583680 1% /
tmpfs 8150776 18888 8131888 1% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 8150776 0 8150776 0% /sys/fs/cgroup
nsn7/var/log 430763136 179456 430583680 1% /var/log
nsn7/var/tmp 430583808 128 430583680 1% /var/tmp
/dev/sda2 1032088 160336 871752 16% /boot
/dev/sda1 523248 2720 520528 1% /boot/efi
nsn7/home 430651264 67584 430583680 1% /home
nsn7/var/cache 430653312 69632 430583680 1% /var/cache
nsn7/var/mail 430583808 128 430583680 1% /var/mail
nsn7/var/spool 430583808 128 430583680 1% /var/spool
tmpfs 1630152 16 1630136 1% /run/user/120
tmpfs 100 0 100 0% /var/lib/
tmpfs 100 0 100 0% /var/lib/lxd/devlxd
tmpfs 1630152 36 1630116 1% /run/user/1000
nsn7/lxd/
/dev/loop0 83712 83712 0 100% /snap/core/4206
/dev/loop1 102144 102144 0 100% /snap/git-
You can see I have the core snap at revision 4206, and git-ubuntu at revision 402.
There are already many bug reports in Launchpad where one can see this information.
Granted, the user can review it, refuse to send this data, etc. This bug is about the unexpectedness of having that information in the disk space data.
If the user sees a prompt like "Would you like to include disk free space information in your report?", or "Would you like to include the output of the df(1) command in your report?", that doesn't immediately translate to "Would you like to include disk free space information and a list of all installed snaps and their revision numbers in your report?".
[Test case]
Do something that triggers the apport hook and make sure you don't see snaps in there.
For example, install xterm, then add exit 1 to the start of the prerm, then run apt remove xterm, and investigate /var/crash/
[Regression potential]
Fix consists of adding -x squashfs to df output, so might hide other non-snap squashfs images.
Related branches
- Sergio Durigan Junior (community): Approve
- Ubuntu Core Development Team: Pending requested
Diff: 62 lines (+40/-0), 3 files modified
- debian/changelog (+12/-0)
- debian/patches/series (+1/-0)
- debian/patches/treat-devtmpfs-and-squashfs-as-dummy-filesystems.patch (+27/-0)
summary:
- disk space info inadvertently lists all installed snaps
+ disk space info inadvertently provides all installed snaps
tags: added: rls-bb-incoming
tags: added: bionic; removed: rls-bb-incoming
tags: added: rls-bb-notfixing
tags: added: rls-dd-incoming
tags: added: rls-ee-incoming; removed: rls-dd-incoming
Changed in apt (Ubuntu):
status: Triaged → Fix Committed
Changed in apt (Ubuntu Disco):
status: New → Triaged
importance: Undecided → Medium
tags: removed: rls-ee-incoming
description: updated
Changed in apt (Ubuntu Bionic):
status: Triaged → In Progress
description: updated
description: updated
no longer affects: apport (Ubuntu)
no longer affects: apport (Ubuntu Bionic)
no longer affects: apport (Ubuntu Disco)
no longer affects: apport (Ubuntu Eoan)
Changed in coreutils (Ubuntu):
status: New → Fix Committed
This actually comes from apt (apt-pkg/deb/dpkgpm.cc) and no filtering of the df output is done.

    // attach df -l log (to learn about filesystem status)
    if (FileExists("/bin/df"))
    {

       fprintf(report, "Df:\n");
       FILE *log = popen("/bin/df -l","r");
       if(log != NULL)
       {
          char buf[1024];
          while( fgets(buf, sizeof(buf), log) != NULL)
             fprintf(report, " %s", buf);
          pclose(log);
       }
    }
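
To check what an already captured "Df:" section discloses, the following added example (not apt's code and not the fix from this bug) scans df output for `/snap/<name>/<revision>` mount points and returns the text with those lines removed. The names `audit_df`, `DfAudit` and `kSampleDf` are hypothetical and the sample input is constructed; unlike `-x squashfs`, it matches on mount point, so a non-snap loop mount such as the sample's `/mnt/image` stays in the output.

```cpp
#include <iostream>
#include <regex>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// Constructed sample of a "Df:" section as produced by `df -l` (not a real report).
static const char *kSampleDf =
    "Filesystem     1K-blocks    Used Available Use% Mounted on\n"
    "udev             8119680       0   8119680   0% /dev\n"
    "/dev/sda2        1032088  160336    871752  16% /boot\n"
    "/dev/loop0         83712   83712         0 100% /snap/core/4206\n"
    "/dev/loop1        102144  102144         0 100% /snap/example-snap/17\n"
    "/dev/loop2         20480   20480         0 100% /mnt/image\n";

struct DfAudit {
    std::vector<std::pair<std::string, std::string>> snaps; // (name, revision)
    std::string redacted;                                   // input minus snap lines
};

// Scan df output line by line. A mount point of the form
// /snap/<name>/<revision> at the end of a line discloses an installed snap
// and its revision; such lines are recorded and left out of `redacted`.
DfAudit audit_df(const std::string &df_text) {
    static const std::regex snap_mount(R"( /snap/([^/ ]+)/([^/ ]+) *$)");
    DfAudit out;
    std::istringstream in(df_text);
    std::string line;
    while (std::getline(in, line)) {
        std::smatch m;
        if (std::regex_search(line, m, snap_mount))
            out.snaps.emplace_back(m[1].str(), m[2].str());
        else
            out.redacted += line + "\n";
    }
    return out;
}

int main() {
    DfAudit a = audit_df(kSampleDf);
    for (const auto &s : a.snaps)
        std::cout << "discloses snap " << s.first << " rev " << s.second << "\n";
    std::cout << a.redacted;
    return 0;
}
```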