[Bug 359902] Re: ubuntu creash reporting reveals sensitive data

[Timmie]

I am currently testing 20.04.

If there is no option to edit & remove private data prior to sending, I
have little interest in submitting further reports.

Why can the program not present the user with the files & info that is
going to be submitted?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/359902

Title:
  ubuntu creash reporting reveals sensitive data

Status in apport package in Ubuntu:
  Won't Fix

Bug description:
  Hi,

  ubuntu jaunty has a new system to automatically create reports when
  programs crash. Good work. But the reports contain lists of open files
  and thus filenames, and core dumps, which (usually) contain a copy of
  the program's heap and static memory. So uploading that crash report
  to ubuntu's bug reporting system (i.e. this launchpad) reveals memory
  contents to the public.

  Some programs can contain sensible data. For example, the program that
  crashes most often on my jaunty beta installation is the search tool
  of tracker, which basically scans *every single one* of my private
  files. At the moment of crash any contents of my home file system
  could still remain in the process memory space and thus made publicly
  available. Would be interesting to download all core dumps and search
  for private data.

  Most people won't realize this and just send that automatically
  generated report.

  regards

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/359902/+subscriptions