ubiquity apport hook shouldn't suggest password is in log file

Bug #1257159 reported by Marc Deslauriers
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
Fix Released
Medium
Brian Murray
Trusty
Fix Released
Medium
Brian Murray

Bug Description

data/package-hooks/source_ubiquity.py contains the following:

    if os.path.exists('/var/log/installer/debug'):
        response = ui.yesno("The debug log file from your installation would help us a lot but includes the password you used for your user when installing Ubuntu. Do you want to include this log file?")

This gives users who are filing installation bugs the impression that their password is being logged in clear text to a log file. This is only the case if ubiquity is being run in debugging mode, not during normal operation.

The apport hook should determine if the debug file actually contains debugging information before prompting the user with this scary error message.

Tags: trusty
tags: added: rls-t-incoming
Changed in apport (Ubuntu):
assignee: nobody → Brian Murray (brian-murray)
status: New → In Progress
importance: Undecided → Medium
Revision history for this message
Brian Murray (brian-murray) wrote :

Ubiquity doesn't tell us what options it was started with in UbiquitySyslog.txt, but I think looking for "debconf (developer)" in UbiquityDebug.txt indicates that ubiquity was run in --debug mode.

Revision history for this message
Brian Murray (brian-murray) wrote :

15:43 < stgraber> bdmurray: I'm not sure, I haven't seen
                  one of those logs in a while, but if
                  that's a string that appears whenever
                  we see a debconf transaction that'd be
                  good
15:44 < bdmurray> stgraber: bug 986550 (reported by you)
                  looks to me like it was run in debug
                  mode
15:44 < ubottu> bug 986550 in ubiquity (Ubuntu) "Ubiquity
                crashes with "Illegal instruction" right
                after starting the slideshow"
                [Medium,Confirmed]
                https://launchpad.net/bugs/986550
15:46 < stgraber> bdmurray: yeah, that was in debug mode,
                  so yes, looking for "debconf
                  (developer)" should work

tags: added: trusty
removed: rls-t-incoming
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.12.7-0ubuntu2

---------------
apport (2.12.7-0ubuntu2) trusty; urgency=low

  * data/package-hooks/source_ubiquity.py: only warn people about passwords in
    the debug log file if they are running in debug mode (LP: #1257159)
  * data/general-hooks/ubuntu.py: gather more information for dpkg already
    installed and configured package install failures
 -- Brian Murray <email address hidden> Mon, 09 Dec 2013 14:20:12 -0800

Changed in apport (Ubuntu Trusty):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.