[Bug 1739532] [NEW] apport-collect SHOULD prune out /home/%USER/ from JournalErrors
fermulator
1739532 at bugs.launchpad.net
Thu Dec 21 04:41:02 UTC 2017
Public bug reported:
During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.
I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!
However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.
The JournalErrors.txt should prune it.
Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
}}}
The suggestion here, is simply to also prune out usernames from ANY
"/home/%USER" or "~%USER" type regexes.
** Affects: apport (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport privacy
** Description changed:
During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.
I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!
However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.
The JournalErrors.txt should prune it.
Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
}}}
+
+ The suggestion here, is simply to also prune out usernames from ANY
+ "/home/%USER" or "~%USER" type regexes.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1739532
Title:
apport-collect SHOULD prune out /home/%USER/ from JournalErrors
Status in apport package in Ubuntu:
New
Bug description:
During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.
I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!
However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.
The JournalErrors.txt should prune it.
Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
}}}
The suggestion here, is simply to also prune out usernames from ANY
"/home/%USER" or "~%USER" type regexes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1739532/+subscriptions
More information about the foundations-bugs
mailing list