ProcMaps.txt may contain private information such as username

Fred . eldmannen at gmail.com
Fri Jul 27 15:56:10 UTC 2012 

In a non-automated process such as the manual screening it is easy
that by human a slip would occur where such data were not removed.

Disclosing the username is not much of a threat, but it was not
apparent to the user reporting the bug that hes username would be
announced.
The username may also be used in social engineering attacks.

Also a user might not want his username, realname, or pseudonym
identified or associated with his Launchpad account.

The user have a expectation that he reports a bug, not sending
personal identifiable information. This may trigger spyware
allegations.
Imagine if Microsoft did this, "Microsoft's bug report software
includes spyware that secretly collects personal identifiable
information!" and there would be a huge backlash.

If Apport detects any personally identifiable information, it should
scrub it before sending it to Launchpad.

A prerequisite for being a good Ubuntu user who reports bugs is that
it is trusted to not collect any personally identifiable information.
Many users disable bug reporting for these reasons. As well does many
companies as a company-wide policy.

Please automatically replace all occurrences of $USER and $HOSTNAME
with a dummy string prior to sending the data to Launchpad.


On Fri, Jul 27, 2012 at 5:28 PM, Thomas Ward
<trekcaptainusa.tw at gmail.com> wrote:
> To quote Andrea Corbellini on the bug you linked us to:
>
>>
>> Bug reports created by Apport may containing a variety of sensible
>> information -- from user names to credit card numbers. If you think that
>> ProcMaps.txt is leaking private information, than don't look at the other
>> files!
>
>
>>
>> Well, jokes apart, all potentially sensible information uploaded is always
>> secured and reviewed by experienced and competent people. When real sensible
>> information are found, they are removed before a bug report is made public.
>> There are well-established procedures used to deal with such cases.
>
>
> These competent people are a small subgroup of people who can see bugs.
> These bugs are screened for private information such as user names or credit
> card numbers.  Before those bugs get set as publicly visible, members of the
> teams who can see those private bugs screen the information for such private
> data, and either remove the file or handle it accordingly.  Thus far, I've
> not witnessed any breaches in this.
>
> There have been crash bugs on other applications and packages (of which I
> have personally triaged or reviewed, as a member of that package's upstream
> team or as a member of BugControl), and sometimes this "private information"
> is included in crash stack traces for python programs.  Since for the
> package I referred to only BugControl can see the private information, what
> I did in that particular instance was obfuscate that information by
> replacing the user name with 'IAmATeapot' or some other random name that
> does not exist, thereby obfuscating the information (and of course removing
> the original file uploaded by Apport), long before setting the bug as a
> public security bug.
>
>
> If I may ask, Fred, why, personally, would you want that information purged,
> other than "Oh, my user name is in there"?  Generally speaking, if your
> username is there, but you dont have, say, an SSH server running, or a DMZ'd
> system with no firewall protection or other form of protection, or are
> intentionally not hardening your system, disclosing your username is not
> **too** much of a threat.
>
>
> -------
> Thomas Ward
> LPID: trekcaptainusa-tw
> Ubuntu BugSquad Member
>
> On Thu, Jul 26, 2012 at 12:39 PM, Fred . <eldmannen at gmail.com> wrote:
>>
>> https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1029189
>>
>> The ProcMaps.txt file that gets uploaded to Launchpad may contain
>> private information such as username that can be obtained from the
>> path of the home directory.
>>
>> 7fbd44c33000-7fbd44c34000 r--s 00000000 08:01 1306557
>> /home/alice/.local/share/mime/mime.cache
>>
>> I propose scrubbing/anonymizing the username.
>>
>> --
>> Ubuntu-bugsquad mailing list
>> Ubuntu-bugsquad at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugsquad
>
>

More information about the Ubuntu-bugsquad mailing list