How to pick up crash reports owned by system users?
martin.pitt at ubuntu.com
Tue Jan 9 08:35:11 GMT 2007
Currently apport-gtk only displays crash reports that belong to you.
That means that reports from programs that ran as root or a system
user will never be shown. This includes things like 'synaptic'.
Robert and I started a discussion how to handle those reports, but
more input would be appreciated.
Robert Collins [2007-01-08 20:11 +1100]:
> Subject: Re: [Bug 72250] Re: After 'filing a bug' for a program that ran as
> root, apport-gtk crashes
> From: Robert Collins <robertc at robertcollins.net>
> To: Martin Pitt <martin.pitt at ubuntu.com>
> Date: Wed, 03 Jan 2007 08:22:16 +1100
> On Tue, 2007-01-02 at 07:18 +0100, Martin Pitt wrote:
> > We already have a bug, #62316. I totally agree that we have to find a
> > solution for this, but until we have, I prefered consistency and the
> > better-safe-than-sorry approach.
> Well some brainstorming ...
> we could use group membership or user name as a key, and either
> whitelist or blacklist from that.
> for instance we could ensure that all users are in a 'user' group by
> default, and blacklist that group - all other users would get world
> readable crashdumps. This particular case would mean existing installs
> would need to change their group memberships, but perhaps the upgrade
> could do that.
> Should we take this to ubuntu-devel?
For the records: At the moment, crash reports are stored as $UID:$GID
0600 for privacy reasons.
I do not want to introduce more groups, since we must not change group
memberships on upgrade, and we only need a pretty coarse separation:
show crash reports from uid >= 1000 should only be displayed to the
user it happened to and reports from system users (<= 1000) should
additionally be accessible to 'administrators'.
I see the following options:
* Store system crash reports as $UID:admin 0660. 'adm' is not strong
enough since new users (if created with users-admin) are in that
group by default. This would immediately make them work with
apport-gtk; however, crash reports with sensitive data are
immediately exposed to all programs runnin in the user's session,
I'm a bit nervous about this.
* Change apport-checkreports to check for the existence of system
crash reports if the user is in 'admin', and have apport-gtk gksu
itself if there is a system crash report it cannot read. This would
be the safe option, but requires some ugly hardcoding of group
names and semantics into apport. However, this hardcoding could
eventually be moved into the update-notifier apport code (when
we'll finally get event-notifier, this will be much cleaner).
I favor the latter option.
Robert, others, what do you think?
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20070109/c786911e/attachment.pgp
More information about the ubuntu-devel