[Bug 1756595] Re: disk space info inadvertently provides all installed snaps

Launchpad Bug Tracker 1756595 at bugs.launchpad.net
Thu Sep 12 12:13:46 UTC 2019 

This bug was fixed in the package apt - 1.8.3

---------------
apt (1.8.3) unstable; urgency=medium

  [ Simon Körner ]
  * http: Fix Host header in proxied https connections (LP: #1838771)

  [ Brian Murray ]
  * Do not include squashfs file systems in df output. (LP: #1756595)

apt (1.8.2) unstable; urgency=medium

  [ Alwin Henseler ]
  * Flip /: in documented default value of DPkg::Path (Closes: #917986)

  [ TilmanK ]
  * Fix typo in German manpage translation

  [ Américo Monteiro ]
  * Portuguese manpages translation update (Closes: #926614)

  [ Jean-Pierre Giraud ]
  * French manpages translation update (Closes: #929290)

  [ Michael Zhivich ]
  * methods: https: handle requests for TLS re-handshake (LP: #1829861)

  [ Julian Andres Klode ]
  * Unlock dpkg locks in reverse locking order (LP: #1829860)

 -- Julian Andres Klode <juliank at ubuntu.com>  Fri, 09 Aug 2019 11:16:15
+0200

** Changed in: apt (Ubuntu Disco)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1756595

Title:
  disk space info inadvertently provides all installed snaps

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Bionic:
  Fix Released
Status in apt source package in Disco:
  Fix Released
Status in apt source package in Eoan:
  Fix Released

Bug description:
  [Impact]
  When apport is reporting a crash, it includes the output of the "df" utility, to list the free disk space information per mount point.

  That output nowadays will inadvertently include all snaps that the
  user may have installed, including their revision numbers.

  Here is a simple df output:
  andreas at nsn7:~$ df
  Filesystem                      1K-blocks    Used Available Use% Mounted on
  udev                              8119680       0   8119680   0% /dev
  tmpfs                             1630156    1828   1628328   1% /run
  nsn7/ROOT/ubuntu                433084288 2500608 430583680   1% /
  tmpfs                             8150776   18888   8131888   1% /dev/shm
  tmpfs                                5120       4      5116   1% /run/lock
  tmpfs                             8150776       0   8150776   0% /sys/fs/cgroup
  nsn7/var/log                    430763136  179456 430583680   1% /var/log
  nsn7/var/tmp                    430583808     128 430583680   1% /var/tmp
  /dev/sda2                         1032088  160336    871752  16% /boot
  /dev/sda1                          523248    2720    520528   1% /boot/efi
  nsn7/home                       430651264   67584 430583680   1% /home
  nsn7/var/cache                  430653312   69632 430583680   1% /var/cache
  nsn7/var/mail                   430583808     128 430583680   1% /var/mail
  nsn7/var/spool                  430583808     128 430583680   1% /var/spool
  tmpfs                             1630152      16   1630136   1% /run/user/120
  tmpfs                                 100       0       100   0% /var/lib/lxd/shmounts
  tmpfs                                 100       0       100   0% /var/lib/lxd/devlxd
  tmpfs                             1630152      36   1630116   1% /run/user/1000
  nsn7/lxd/containers/squid-ds216 431444096  860416 430583680   1% /var/lib/lxd/storage-pools/default/containers/squid-ds216
  /dev/loop0                          83712   83712         0 100% /snap/core/4206
  /dev/loop1                         102144  102144         0 100% /snap/git-ubuntu/402

  You can see I have the core snap at revision 4206, and git-ubuntu at
  revision 402.

  There are already many bug reports in launchpad where one can see this
  information.

  Granted, the user can review it, refuse to send this data, etc. This
  bug is about the unexpectedness of having that information in the disk
  space data.

  If the user sees a prompt like "Would you like to include disk free
  space information in your report?", or "Would you like to include the
  output of the df(1) command in your report?", that doesn't immediately
  translate to "Would you like to include disk free space information
  and a list of all installed snaps and their revision numbers in your
  report?".

  [Test case]
  Do something that triggers the apport hook and make sure you don't see snaps in there.

  For example, install xterm, then add exit 1 to the start of the prerm,
  then run apt remove xterm, and investigate /var/crash/xterm.0.crash
  after that (delete before running apt).

  [Regression potential]
  Fix consists of adding -x squashfs to df output, so might hide other non-snap squashfs images.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1756595/+subscriptions

More information about the foundations-bugs mailing list